Table of Contents
Advertisement
Chapter 17
IP Security
Note
Data and address integrity without encryption (AH)
OL-4015-12
Encryption
Cisco SDM recognizes the following
ESP_DES. Encapsulating Security Payload (ESP), Data Encryption Standard
•
(DES). DES supports 56-bit encryption.
ESP_3DES. ESP, Triple DES. This is a stronger form of encryption than DES,
•
supporting 168-bit encryption.
ESP_AES_128. ESP, Advanced Encryption Standard (AES). Encryption with
•
a 128-bit key. AES provides greater security than DES and is computationally
more efficient than 3DES.
ESP_AES_192. ESP, AES encryption with a 192-bit key.
•
ESP_AES_256. ESP, AES encryption with a 256-bit key.
•
ESP_SEAL—ESP with the 160-bit encryption key Software Encryption
•
Algorithm (SEAL) encryption algorithm. SEAL (Software Encryption
Algorithm) is an alternative algorithm to software-based Data Encryption
Standard (DES), Triple DES (3DES), and Advanced Encryption Standard
(AES). SEAL encryption uses a 160-bit encryption key and has a lower
impact to the CPU when compared to other software-based algorithms.
•
ESP_NULL. Null encryption algorithm, but encryption transform used.
The types of ESP encryption available depend on the router. Depending on the
type of router you are configuring, one or more of these encryption types may not
be available.
This check box and the fields below it appear if you click Show Advanced.
Check this box if you want the router to provide Authentication Header (AH) data
and address integrity. The authentication header will not be encrypted.
Integrity Algorithm
Select one of the following:
AH_MD5_HMAC—Message Digest 5.
•
AH_SHA_HMAC—Security Hash Algorithm.
•
Cisco Router and Security Device Manager 2.5 User's Guide
ESP
encryption types:
Transform Set
17-19
Advertisement
Table of Contents
Troubleshooting
