Table of Contents
Advertisement
Chapter 4
Configuring the VPN Acceleration Module
Table 4-1
Allowed Transform Combinations (continued)
1
AH Transform
ah-sha-hmac
AH with SHA
(HMAC variant)
authentication
algorithm
1. Pick one transform option.
2. Pick one transform option, but only if you selected esp-null or ESP encrypting transform.
Creating Crypto Map Entries
To create crypto map entries that use IKE to establish the security associations, use the following
commands, starting in global configuration mode:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
OL-5419-01 B0
ESP Encryption Transform
esp-des
ESP with 56-bit DES
encryption algorithm
esp-null
ESP transform without
cipher
Command
crypto map map-name seq-num
ipsec-isakmp
match address access-list-id
set peer {hostname | ip-address}
set transform-set transform-set-name1
[transform-set-name2...transform-set-na
me6]
end
Repeat these steps to create additional crypto map entries as required.
1
ESP Authentication Transform
esp-sha-hmac
Purpose
Creates the crypto map and enters crypto map
configuration mode.
Specifies an extended access list. This access
list determines which traffic is protected by
IPSec and which is not.
Specifies a remote IPSec peer. This is the peer
to which IPSec-protected traffic can be
forwarded.
Repeat for multiple remote peers.
Specifies which transform sets are allowed for
this crypto map entry. Lists multiple transform
sets in order of priority (highest priority first).
Exits crypto map configuration mode.
Cisco 7401ASR Installation and Configuration Guide
Configuration Tasks
2
ESP with SHA
(HMAC variant)
authentication
algorithm
4-5
Advertisement
Table of Contents
Troubleshooting
