Table of Contents
Advertisement
Chapter 30
More About....
Allowable Transform Combinations
ESP Encryption
AH Transform
Transform
(Pick up to one)
(Pick up to one)
ah-md5-hmac
esp-des
ah-sha-hmac
esp-3des
esp-null
es-aes-128
esp-aes-192
esp-aes-256
esp-seal
Transform
ah-md5-hmac
ah-sha-hmac
esp-des
esp-3des
esp-null
esp-seal
OL-4015-08
To define a transform set, you specify one to three transforms. Each transform
represents an IPSec security protocol
want to use. When the particular transform set is used during negotiations for
IPSec security associations, the entire transform set (the combination of
protocols, algorithms, and other settings) must match a transform set at the remote
peer.
The following table lists the acceptable transform combination selections for the
AH and ESP protocols.
Authentication
Transform
(Pick up to one)
esp-md5-hmac
esp-sha-hmac
The following table describes each of the transforms.
Description
AH with the MD5 (HMAC variant) authentication algorithm.
AH with the SHA (HMAC variant) authentication algorithm.
ESP with the 56-bit DES encryption algorithm.
ESP with the 168-bit DES encryption algorithm (3DES or Triple DES)
Null encryption algorithm.
ESP with the 160-bit encryption key Software Encryption Algorithm (SEAL)
encryption algorithm.
Cisco Router and Security Device Manager Version 2.2 User's Guide
(AH
or ESP) plus the algorithm that you
IP Compression
Examples
Transform
(Total of 3 transforms
(Pick up to one)
allowed)
comp-lzs
1.
2.
3.
More About VPN
ah-md5-hmac
esp-3des and
esp-md5-hmac
ah-sha-hmac,
esp-des, and
esp-sha-hmac
30-23
Advertisement
Table of Contents
Troubleshooting
