Table of Contents
Advertisement
Table 11: Supported Transforms (continued)
Transform
Description
AH-SHA
IPSec performs AH protocol encapsulation using the SHA-1 hash function
with HMAC message authentication. SHA-1 is considered stronger than MD5.
ESP-MD5
IPSec performs ESP protocol encapsulation using the MD5 hash function with
HMAC message authentication.
ESP-SHA
IPSec performs ESP protocol encapsulation using the SHA-1 hash function
with HMAC message authentication. SHA-1 is considered stronger than MD5.
ESP-DES
IPSec performs ESP protocol encapsulation using the DES encryption
algorithm. DES uses a 56-bit symmetric key and is considered a weak
(breakable) encryption algorithm.
ESP-3DES
IPSec performs ESP protocol encapsulation using the 3DES encryption
algorithm. 3DES uses a 168-bit symmetric encryption key and is widely
accepted as a strong encryption algorithm. Export control issues apply to
products that ship from the USA with 3DES.
ESP-DES-MD5
Combination of ESP-MD5 and ESP-DES transforms.
ESP-DES-SHA
Combination of ESP-SHA and ESP-DES transforms.
ESP-3DES-MD5
Combination of ESP-MD5 and ESP-3DES transforms.
ESP-3DES-SHA
Combination of ESP-SHA and ESP-3DES transforms.
Table 12 on page 137 lists the security functions achieved with the supported
transforms, and provides a view of which combinations can be used, depending on
security requirements.
Table 12: Supported Security Transform Combinations
Security Type
Data authentication only
Data confidentiality only
Chapter 5: Configuring IPSec
Supported Transform Combinations
AH-HMAC-MD5
AH-HMAC-SHA
ESP-HMAC-MD5
ESP-HMAC-SHA
ESP-DES
ESP-3DES
IPSec Concepts
137
Advertisement
Table of Contents
