Table of Contents
Advertisement
Supported IKE Transforms and Algorithms
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
•
Note
•
•
•
Supported IKE Transforms and Algorithms
The component technologies implemented for IKE include the following transforms:
•
•
•
•
Note
•
•
•
Cisco MDS 9000 Family Configuration Guide
30-6
Triple DES (3DES) is a stronger form of DES with 168-bit encryption keys that allow sensitive
information to be transmitted over untrusted networks.
Cisco SAN-OS images with strong encryption are subject to United States government export
controls, and have a limited distribution. Images to be installed outside the United States require
an export license. Customer orders might be denied or subject to delay due to United States
government regulations. Contact your sales representative or distributor for more information,
or send e-mail to export@cisco.com.
Message Digest 5 (MD5) is a hash algorithm with the HMAC variant. HMAC is a keyed hash variant
used to authenticate data.
Secure Hash Algorithm (SHA-1) is a hash algorithm with the Hash Message Authentication Code
(HMAC) variant.
AES-XCBC-MAC is a Message Authentication Code (MAC) using the AES algorithm.
Diffie-Hellman (DH) is a public-key cryptography protocol which allows two parties to establish a
shared secret over an unsecure communications channel. Diffie-Hellman is used within IKE to
establish session keys. Group 1 (768-bit), Group 2 (1024-bit), and Group 5 (1536-bit) groups are
supported.
Advanced Encrypted Standard (AES) is an encryption algorithm. It implements either 128 bits using
Cipher Block Chaining (CBC) or counter mode.
Data Encryption Standard (DES) is used to encrypt packet data and implements the mandatory
56-bit DES-CBC. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly
given in the IPsec packet.
Triple DES (3DES) is a stronger form of DES with 168-bit encryption keys that allow sensitive
information to be transmitted over untrusted networks.
Cisco SAN-OS images with strong encryption are subject to United States government export
controls, and have a limited distribution. Images to be installed outside the United States require
an export license. Customer orders might be denied or subject to delay due to United States
government regulations. Contact your sales representative or distributor for more information,
or send e-mail to export@cisco.com.
Message Digest 5 (MD5) is a hash algorithm with the HMAC variant. HMAC is a keyed hash variant
used to authenticate data.
Secure Hash Algorithm (SHA-1) is a hash algorithm with the Hash Message Authentication Code
(HMAC) variant.
The switch authentication algorithm uses the preshared keys based on the IP address (see
the Global Preshared Key" section on page 28-6
Chapter 30
Configuring IPsec Network Security
for more information on preshared keys).
OL-6973-03, Cisco MDS SAN-OS Release 2.x
"Setting
Advertisement
Table of Contents
Need help?
Do you have a question about the DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor and is the answer not in the manual?
Questions and answers