Chapter 11 Site-to-Site VPN
Create Site to Site VPN
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
AH Authentication
The type of Authentication Header (AH) authentication used. If AH
authentication is not configured for this transform set, this column will be empty.
IP Compression
If IP compression is configured for this transform set, this field contains the value
COMP-LZS.
Note: IP compression is not supported on all routers.
Mode
This column contains one of the following:
Transport—Encrypt data only. Transport mode is used when both endpoints support IPsec. Transport mode places the authentication header or encapsulated security payload after the original IP header; thus, only the IP payload is encrypted. This method allows users to apply network services such as quality-of-service (QoS) controls to encrypted packets.
Tunnel—Encrypt data and IP header. Tunnel mode provides stronger protection than transport mode. Because the entire IP packet is encapsulated within AH or ESP, a new IP header is attached, and the entire datagram can be encrypted. Tunnel mode allows network devices such as routers to act as an IPsec proxy for multiple VPN users.
Type
Either User Defined, or Cisco SDM Default.
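The difference between the two Mode values can be seen by laying out the same packet both ways. The following sketch is an added example, not part of the Cisco guide: it builds the ESP layout for transport and tunnel mode and reports which header fields remain readable on the wire. The addresses, SPI, and function names are assumptions chosen for illustration, and the cipher, IV, and integrity check value are left out so that only the layout is shown.

```python
import struct
from ipaddress import IPv4Address

ESP, IPIP, TCP = 50, 4, 6  # IP protocol numbers

def checksum(header: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Option-less IPv4 header followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def esp_wrap(packet: bytes, mode: str, gw_src: str = "", gw_dst: str = "",
             spi: int = 0x1001, seq: int = 1):
    """Return (visible, protected): bytes an observer can read, bytes ESP would encrypt.
    Layout only: the cipher, IV and ICV are omitted, so 'protected' is still plaintext."""
    hdr, payload = packet[:20], packet[20:]
    if mode == "transport":    # original IP header stays in front of ESP
        src, dst = str(IPv4Address(hdr[12:16])), str(IPv4Address(hdr[16:20]))
        inner, next_header = payload, hdr[9]
    elif mode == "tunnel":     # whole packet goes inside; new header names the gateways
        src, dst, inner, next_header = gw_src, gw_dst, packet, IPIP
    else:
        raise ValueError(f"unknown mode: {mode}")
    pad_len = -(len(inner) + 2) % 4   # ESP trailer must end on a 4-byte boundary
    protected = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    outer = ipv4(src, dst, ESP, struct.pack("!II", spi, seq) + protected)
    return outer[:28], protected      # outer IP header + SPI + sequence number

def observer_view(visible: bytes) -> dict:
    """What an on-path device (for example a QoS classifier) can read."""
    return {"src": str(IPv4Address(visible[12:16])), "dst": str(IPv4Address(visible[16:20])),
            "proto": visible[9], "spi": struct.unpack("!I", visible[20:24])[0]}

# Constructed sample: host-to-host packet with a zeroed TCP header and a short payload.
TCP_SEGMENT = bytes(20) + b"GET / HTTP/1.1\r\n"
PACKET = ipv4("10.1.1.10", "10.2.2.20", TCP, TCP_SEGMENT)

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        visible, protected = esp_wrap(PACKET, mode, "192.0.2.1", "198.51.100.1")
        print(mode, observer_view(visible), "protected bytes:", len(protected))
```

In transport mode the observer still sees the real host addresses, while in tunnel mode only the gateway addresses appear and the original IP header sits inside the protected region.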
What Do You Want to Do?
If you want to: Select a transform set for the VPN to use.
Do this: Select a transform set, and click Next.

If you want to: Add a transform set to the router’s configuration.
Do this: Click Add, and create the transform set in the Add Transform Set window. Then click Next to continue VPN configuration.