Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
Table 11: Supported Transforms (continued)
Transform
Description
ESP-SHA
IPSec performs ESP protocol encapsulation using the SHA-1 hash function
with HMAC message authentication. SHA-1 is considered stronger than MD5.
ESP-DES
IPSec performs ESP protocol encapsulation using the DES encryption
algorithm. DES uses a 56-bit symmetric key and is considered a weak
(breakable) encryption algorithm.
ESP-3DES
IPSec performs ESP protocol encapsulation using the 3DES encryption
algorithm. 3DES uses a 168-bit symmetric encryption key and is widely
accepted as a strong encryption algorithm. Export control issues apply to
products that ship from the USA with 3DES.
ESP-DES-MD5
Combination of ESP-MD5 and ESP-DES transforms.
ESP-DES-SHA
Combination of ESP-SHA and ESP-DES transforms.
ESP-3DES-MD5
Combination of ESP-MD5 and ESP-3DES transforms.
ESP-3DES-SHA
Combination of ESP-SHA and ESP-3DES transforms.
Table 12 on page 131 lists the security functions achieved with the supported transforms,
and provides a view of which combinations can be used, depending on security
requirements.
Table 12: Supported Security Transform Combinations
Security Type
Data authentication only
Data confidentiality only
Data authentication and confidentiality
The ISM does not support both the ESP and AH encapsulation modes concurrently on
the same secure tunnel.
Chapter 5: Configuring IPSec
Supported Transform Combinations
AH-HMAC-MD5
AH-HMAC-SHA
ESP-HMAC-MD5
ESP-HMAC-SHA
ESP-DES
ESP-3DES
ESP-DES-MD5
ESP-DES-SHA
ESP-3DES-MD5
ESP-3DES-SHA
131
Advertisement
Table of Contents
