Table of Contents
Advertisement
Transform Set
Name
ESP Encryption
Cisco Router and Security Device Manager Version 2.2 User's Guide
13-38
You can create multiple transform sets and then specify one or more of them in a
crypto map entry. The transform set defined in the crypto map entry will be used
in the IPSec security association negotiation to protect the data flows specified by
that crypto map entry's access list.
During IPSec security association negotiations with IKE, the peers search for a
transform set that is the same at both peers. When that transform set is found, it
is selected and applied to the protected traffic as part of both peers' IPSec security
associations.
Name given to the transform set.
SDM recognizes the following
ESP_DES—Encapsulating Security Payload (ESP), Data Encryption
•
Standard (DES). DES supports 56-bit encryption.
ESP_3DES—ESP, Triple DES. This is a stronger form of encryption than
•
DES, supporting 168-bit encryption.
ESP_AES_128—ESP, Advanced Encryption Standard (AES). Encryption
•
with a 128-bit key. AES provides greater security than DES and is
computationally more efficient than 3DES.
ESP_AES_192—ESP, AES encryption with a 192-bit key.
•
ESP_AES_256—ESP, AES encryption with a 256-bit key.
•
ESP_NULL—Null encryption algorithm, but encryption transform used.
•
•
ESP_SEAL—ESP with the 160-bit encryption key Software Encryption
Algorithm (SEAL) encryption algorithm. SEAL (Software Encryption
Algorithm) is an alternative algorithm to software-based Data Encryption
Standard (DES), Triple DES (3DES), and Advanced Encryption Standard
(AES). SEAL encryption uses a 160-bit encryption key and has a lower
impact to the CPU when compared to other software-based algorithms.
ESP
encryption types:
Chapter 13
IP Security
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
