Appendix B
Site to Site VPN Policies

Table: IPSec Proposal Page (continued)

| Element | Description |
|---|---|
| Transform Sets | The transform set(s) to use for your tunnel policy. Transform sets specify which authentication and encryption algorithms will be used to secure the traffic in the tunnel. |
| | Note: Transform sets may use tunnel mode or transport mode of IPSec operation. When IPSec or Easy VPN is the assigned technology, you cannot use transport mode. |
| | A default transform set is displayed. If you want to use a different transform set, or select additional transform sets, click Select to open a dialog box that lists all available transform sets, and in which you can create transform set objects. For more information, see IPSec Transform Sets Page, page |
| | If more than one of your selected transform sets is supported by both peers, the transform set that provides the highest security will be used. |
| | Note: You can select up to six transform sets. |
| | For more information, see About Transform Sets, page |
| Enable Perfect Forward Secrecy | When selected, enables the use of Perfect Forward Secrecy (PFS) to generate and use a unique session key for each encrypted exchange. The unique session key protects the exchange from subsequent decryption, even if the entire exchange was recorded and the attacker has obtained the preshared and/or private keys used by the endpoint devices. |
| | Note: To enable PFS, you must also select a for generating the PFS session key. |

User Guide for Cisco Security Manager 3.0.1