Configuration - IPSec Mode

no transform-set

Use the IPSec no transform-set command to disable Perfect Forward Secrecy. To enable PFS, see the transform-set command on page 14-20.

Syntax: (config-ipsec-{n})# no transform-set {ah-md5 | ah-sha | esp-3des | esp-aes | esp-aes192 | esp-aes256 | esp-des | esp-md5 | esp-null | esp-sha | ipcomp}

Field         Definition

ah-md5        Authentication Header transform using MD5 authentication. Default.
ah-sha        Authentication Header transform using Secure Hash Algorithm (SHA1) authentication. Default.
esp-aes       Encapsulating Security Payload (ESP) encryption transform using Advanced Encryption Standard (AES) 128-bit encryption.
esp-aes192    Encapsulating Security Payload (ESP) encryption transform using Advanced Encryption Standard (AES) 128-bit encryption.
esp-aes256    Encapsulating Security Payload (ESP) encryption transform using Advanced Encryption Standard (AES) 256-bit encryption.
esp-des       Encapsulating Security Payload (ESP) encryption transform using Data Encryption Standard (DES) 56-bit encryption.
esp-3des      Encapsulating Security Payload (ESP) encryption transform using Data Encryption Standard (DES) 168-bit encryption.
esp-null      Encapsulating Security Payload (ESP) encryption transform using no encryption.
esp-md5       Encapsulating Security Payload (ESP) encryption transform using Message-Digest Algorithm 5 (MD5) authentication. Default.
esp-sha       Encapsulating Security Payload (ESP) encryption transform using Secure Hash Algorithm (SHA1) authentication. Default.
ipcomp        IP Payload Compression Protocol (IPComp) compression.

Example: (config-ipsec-1)# no transform-set esp-md5

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR
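
An added example, not from the manual or from Carrier Access: a Python check that replays transform-set / no transform-set lines in the (config-ipsec-{n})# form shown above and reports what each policy is left with after a removal. It assumes transform-set accepts the same keywords as the syntax line, that each policy starts empty (the entries marked Default in the table are not modelled), and that the flagged list is this example's own policy choice.

```python
import re

# Keywords from the Syntax line above, grouped by the role the field table gives them.
ROLE = {
    "ah-md5": "ah", "ah-sha": "ah", "ipcomp": "comp",
    "esp-md5": "esp-auth", "esp-sha": "esp-auth",
    "esp-des": "esp-enc", "esp-3des": "esp-enc", "esp-aes": "esp-enc",
    "esp-aes192": "esp-enc", "esp-aes256": "esp-enc", "esp-null": "esp-enc",
}
# Policy of this example (an assumption, not from the manual): flag MD5-based
# authentication, 56-bit DES, and the transform that applies no encryption.
FLAGGED = {"ah-md5", "esp-md5", "esp-des", "esp-null"}
CMD = re.compile(r"^\(config-ipsec-(\d+)\)#\s+(no\s+)?transform-set\s+(\S+)\s*$")

def effective_transforms(lines):
    """Replay the command lines; return {policy number: set of keywords}."""
    policies = {}
    for line in lines:
        m = CMD.match(line.strip())
        if not m:
            continue  # other commands are outside this example's scope
        n, negate, kw = int(m.group(1)), bool(m.group(2)), m.group(3)
        if kw not in ROLE:
            raise ValueError(f"unknown transform keyword: {kw!r}")
        current = policies.setdefault(n, set())
        # Assumed: removing a transform that is not set is a no-op.
        (current.discard if negate else current.add)(kw)
    return policies

def audit(policies):
    """Return {policy number: findings} for flagged or missing protections."""
    report = {}
    for n, kws in policies.items():
        findings = [f"flagged transform enabled: {k}" for k in sorted(kws & FLAGGED)]
        if not any(ROLE[k] == "esp-enc" and k != "esp-null" for k in kws):
            findings.append("no ESP encryption transform remains")
        if not any(ROLE[k] in ("ah", "esp-auth") for k in kws):
            findings.append("no authentication transform remains")
        report[n] = findings
    return report

# Constructed session lines (not from the manual).
SAMPLE = [
    "(config-ipsec-1)# transform-set esp-aes256",
    "(config-ipsec-1)# transform-set esp-md5",
    "(config-ipsec-1)# no transform-set esp-md5",
    "(config-ipsec-2)# transform-set esp-null",
    "(config-ipsec-2)# transform-set esp-sha",
]
```

Calling audit(effective_transforms(SAMPLE)) shows that the removal in policy 1 leaves encryption with no authentication transform, which is the case to check before issuing no transform-set against the only authentication entry.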

14-16

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI
