B-41
User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference Site to Site VPN Policies
Table B-15 IPSec Proposal Page (continued)
Element / Description

Transform Sets
The transform set(s) to use for your tunnel policy. Transform sets specify which authentication and encryption algorithms will be used to secure the traffic in the tunnel.
Note: Transform sets may use tunnel mode or transport mode of IPSec operation. When IPSec or Easy VPN is the assigned technology, you cannot use transport mode.
A default transform set is displayed. If you want to use a different transform set, or select additional transform sets, click Select to open a dialog box that lists all available transform sets, and in which you can create transform set objects. For more information, see IPSec Transform Sets Page, page C-130.
If more than one of your selected transform sets is supported by both peers, the transform set that provides the highest security will be used.
Note: You can select up to six transform sets.
For more information, see About Transform Sets, page 9-64.

Enable Perfect Forward Secrecy
When selected, enables the use of Perfect Forward Secrecy (PFS) to generate and use a unique session key for each encrypted exchange. The unique session key protects the exchange from subsequent decryption, even if the entire exchange was recorded and the attacker has obtained the preshared and/or private keys used by the endpoint devices.
Note: To enable PFS, you must also select a Diffie-Hellman group for generating the PFS session key.
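
The following simplified model, an added example that is not from the Cisco guide, shows why the PFS option needs a Diffie-Hellman group: without a fresh exchange, a recorded session's key can be re-derived from the stolen long-term secret and the public nonces alone. The function names, the single `long_term_secret`, and the toy group are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, illustration only): 2**127 - 1 is prime
# but far too small for real use. Real peers use the group chosen in the policy.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function used to derive session keys."""
    return hmac.new(key, data, hashlib.sha256).digest()


def rekey(long_term_secret: bytes, pfs: bool):
    """Simulate one rekey; return (session_key, wire).

    wire holds only what an eavesdropper recording the exchange would see.
    """
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"ni": ni, "nr": nr}
    material = ni + nr
    if pfs:
        # Fresh private exponents for this exchange only; never sent or stored.
        x = secrets.randbelow(P - 2) + 1
        y = secrets.randbelow(P - 2) + 1
        gx, gy = pow(G, x, P), pow(G, y, P)
        wire.update(gx=gx, gy=gy)
        shared = pow(gy, x, P)  # equals pow(gx, y, P) on the other peer
        material = shared.to_bytes(16, "big") + material
    return prf(long_term_secret, material), wire


def attacker_derive(stolen_secret: bytes, wire: dict) -> bytes:
    """What recorded traffic plus the stolen long-term secret can reproduce.

    The attacker has gx and gy when PFS is on, but not x or y, so the shared
    DH value is unavailable and only the public nonces can be fed to the PRF.
    """
    return prf(stolen_secret, wire["ni"] + wire["nr"])


def demo():
    secret = secrets.token_bytes(32)  # constructed stand-in for compromised keys
    key_plain, wire_plain = rekey(secret, pfs=False)
    key_pfs, wire_pfs = rekey(secret, pfs=True)
    return (attacker_derive(secret, wire_plain) == key_plain,
            attacker_derive(secret, wire_pfs) == key_pfs)
```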