Transform Sets
A transform set is a combination of up to three individual IPSec transforms designed to implement a specific security policy for secure data transmission. The transform sets represent the choices available during IPSec security negotiation between two IPSec peers. The peers must agree to use a particular transform set for protecting a particular data flow or the exchange can’t occur. Transform sets are limited to no more than one AH transform, plus no more than two ESP transforms: one for encryption and one for authentication.
Some possible examples of acceptable transform combinations include the following:

- ah-md5-hmac: AH protocol with MD5 authentication
- esp-des: ESP protocol with DES encryption
- esp-3des and esp-md5-hmac: ESP protocol with DES encryption, plus ESP MD5 authentication
- ah-sha-hmac and esp-des and esp-sha-hmac: AH protocol with SHA-1 authentication, ESP DES encryption, plus ESP SHA-1 authentication
- ah-rfc1828 and esp-rfc1829: Legacy AH protocol with ESP encryption
When configuring transform sets, the parser prevents you from entering invalid combinations. Transform sets are discussed in greater detail in Chapters 10 and 11 when configuring IPSec is covered.
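The combination rule stated above (one to three transforms; at most one AH transform, at most one ESP encryption transform and at most one ESP authentication transform) is simple enough to check mechanically, which is what the IOS parser does when it rejects an invalid set. The validator below is an added example, not code from the book or from Cisco IOS; it uses only the transform keywords quoted on this page, and the WEAK set is this example's own caveat that DES and MD5 based transforms are obsolete choices today, not a constraint the book imposes.

```python
# Added example: validate a proposed IPSec transform set against the
# combination rule described on the page. Not Cisco code.
from typing import Dict, List, Tuple

# Transform keyword -> category. Keywords are the ones quoted on the page.
TRANSFORMS: Dict[str, str] = {
    "ah-md5-hmac": "ah",
    "ah-sha-hmac": "ah",
    "ah-rfc1828": "ah",          # legacy AH (RFC 1828, keyed MD5)
    "esp-des": "esp-enc",
    "esp-3des": "esp-enc",
    "esp-rfc1829": "esp-enc",    # legacy ESP (RFC 1829, DES-CBC)
    "esp-md5-hmac": "esp-auth",
    "esp-sha-hmac": "esp-auth",
}

# At most one transform per category; the page's "one AH, plus two ESP" rule.
LIMITS: Dict[str, int] = {"ah": 1, "esp-enc": 1, "esp-auth": 1}

# Added caveat (not from the book): 56-bit DES and MD5 are no longer adequate.
WEAK = {"esp-des", "esp-rfc1829", "ah-md5-hmac", "esp-md5-hmac", "ah-rfc1828"}


def validate_transform_set(transforms: List[str]) -> Tuple[bool, List[str], List[str]]:
    """Return (is_valid, errors, warnings) for a proposed transform set.

    Errors reproduce what the IOS parser would reject; warnings are this
    example's own strength notes and do not affect validity.
    """
    errors: List[str] = []
    warnings: List[str] = []

    if not 1 <= len(transforms) <= 3:
        errors.append("a transform set holds one to three transforms")

    counts = {category: 0 for category in LIMITS}
    for name in transforms:
        category = TRANSFORMS.get(name)
        if category is None:
            errors.append(f"unknown transform: {name}")
            continue
        counts[category] += 1
        if name in WEAK:
            warnings.append(f"{name} uses an obsolete algorithm (DES or MD5)")

    for category, limit in LIMITS.items():
        if counts[category] > limit:
            errors.append(
                f"too many {category} transforms: {counts[category]} (limit {limit})"
            )

    return (not errors, errors, warnings)


if __name__ == "__main__":
    # Constructed sample sets: the page's valid examples plus two invalid ones.
    samples = [
        ["ah-md5-hmac"],
        ["esp-3des", "esp-md5-hmac"],
        ["ah-sha-hmac", "esp-des", "esp-sha-hmac"],
        ["esp-des", "esp-3des"],            # two ESP encryption transforms
        ["ah-md5-hmac", "ah-sha-hmac"],     # two AH transforms
    ]
    for sample in samples:
        ok, errs, warns = validate_transform_set(sample)
        print(" ".join(sample), "->", "valid" if ok else "invalid", errs, warns)
```

Run it directly to see each sample classified; the two-encryption and two-AH sets are rejected exactly as the page says the parser would reject them, while the legacy and DES/MD5 sets pass validation but carry a warning.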