1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Hardware
  5. SA-VAM - VPN Acceleration Module
  6. Installation and configuration manual

Verifying Ike And Ipsec Configurations - Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual

Vpn acceleration module 2+ (vam2+) installation and configuration guide
Hide thumbs
Table of Contents

Advertisement

Configuration Tasks
Another transform set example is "myset2," which uses Triple DES encryptions and MD5 (HMAC
variant) for data packet authentication:
crypto ipsec transform-set myset2 esp-3des esp-md5-hmac
A crypto map joins together the IPSec access list and transform set and specifies where the protected
traffic is sent (the remote IPSec peer):
crypto map toRemoteSite 10 ipsec-isakmp
match address 101
set transform-set myset2
set peer 10.2.2.5
The crypto map is applied to an interface:
interface Serial0
ip address 10.0.0.2
crypto map toRemoteSite
Note
In this example, IKE must be enabled.

Verifying IKE and IPSec Configurations

To view information about your IPSec configurations, use show crypto ipsec transform-set EXEC
command.
Note
If a user enters an IPSec transform that the hardware (the IPSec peer) does not support, a warning
message will be displayed in the show crypto ipsec transform-set output.
The following sample output from the show crypto ipsec transform-set command displays a warning
message after a user tries to configure an IPSec transform that the hardware does not support:
Router# show crypto ipsec transform-set
Transform set transform-1:{esp-256-aes esp-md5-hmac}
will negotiate = {Tunnel, },
WARNING:encryption hardware does not support transform
esp-aes 256 within IPSec transform transform-1
To view information about your IKE configurations, use show crypto isakmp policy EXEC command.
Note
If a user enters an IKE encryption method that the hardware does not support, a warning message will
be displayed in the show crypto isakmp policy output.
The following sample output from the show crypto isakmp policy command displays a warning
message after a user tries to configure an IKE encryption method that the hardware does not support:
Router# show crypto isakmp policy
Protection suite of priority 1
WARNING:encryption hardware does not support the configured
encryption method for ISAKMP policy 1
VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide
4-18
encryption algorithm:
hash algorithm:
authentication method: Pre-Shared Key
AES - Advanced Encryption Standard (256 bit keys).
Secure Hash Standard
Chapter 4
Configuring the SA-VAM2+
OL-5979-03

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SA-VAM - VPN Acceleration Module and is the answer not in the manual?

Questions and answers

Related Manuals for Cisco SA-VAM - VPN Acceleration Module

Related Products for Cisco SA-VAM - VPN Acceleration Module

This manual is also suitable for:

Sa-vam2+

Table of Contents