Chapter 17 IP Security
Transform Set
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
ESP Encryption
Cisco SDM recognizes the following ESP encryption types:
ESP_DES—Encapsulating Security Payload (ESP), Data Encryption
Standard (DES). DES supports 56-bit encryption.
ESP_3DES—ESP, Triple DES. This is a stronger form of encryption than
DES, supporting 168-bit encryption.
ESP_AES_128—ESP, Advanced Encryption Standard (AES). Encryption
with a 128-bit key. AES provides greater security than DES and is
computationally more efficient than 3DES.
ESP_AES_192—ESP, AES encryption with a 192-bit key.
ESP_AES_256—ESP, AES encryption with a 256-bit key.
ESP_NULL—Null encryption algorithm. The ESP encryption transform is used,
but the payload is not encrypted.
ESP_SEAL—ESP with the Software Encryption Algorithm (SEAL), which uses a
160-bit encryption key. SEAL is an alternative to software-based Data
Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption
Standard (AES), and has a lower impact on the CPU than other
software-based algorithms.
ESP Integrity
Indicates the integrity algorithm being used. This column will contain a value
when the transform set is configured to provide both data integrity and encryption.
The column will contain one of the following values:
ESP-MD5-HMAC—Message Digest 5, Hash-based Message Authentication
Code (HMAC).
ESP-SHA-HMAC—Secure Hash Algorithm (SHA), HMAC.
AH Integrity
Indicates the integrity algorithm being used. This column will contain a value
when the transform set is configured to provide data integrity but not encryption.
The column will contain one of the following values:
AH-MD5-HMAC—Message Digest 5.
AH-SHA-HMAC—Secure Hash Algorithm (SHA).
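The following is an added example, not part of the Cisco guide or of Cisco SDM: a small Python audit that reads `crypto ipsec transform-set` lines from an IOS configuration, fills in the ESP Encryption, ESP Integrity and AH Integrity columns described above, and flags transform sets that provide no encryption or use a short key. The mapping from IOS CLI keywords to the SDM labels, the function name `audit`, and the 128-bit minimum are assumptions made for this example.

```python
import re
# IOS CLI keyword -> (column, SDM label, key bits); key sizes are the ones listed
# in the section above. The keyword-to-label mapping is this example's assumption.
TRANSFORMS = {
    "esp-des": ("esp_encryption", "ESP_DES", 56),
    "esp-3des": ("esp_encryption", "ESP_3DES", 168),
    "esp-aes": ("esp_encryption", "ESP_AES_128", 128),
    "esp-aes 192": ("esp_encryption", "ESP_AES_192", 192),
    "esp-aes 256": ("esp_encryption", "ESP_AES_256", 256),
    "esp-null": ("esp_encryption", "ESP_NULL", 0),
    "esp-seal": ("esp_encryption", "ESP_SEAL", 160),
    "esp-md5-hmac": ("esp_integrity", "ESP-MD5-HMAC", None),
    "esp-sha-hmac": ("esp_integrity", "ESP-SHA-HMAC", None),
    "ah-md5-hmac": ("ah_integrity", "AH-MD5-HMAC", None),
    "ah-sha-hmac": ("ah_integrity", "AH-SHA-HMAC", None),
}
LINE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
TOKEN = re.compile(r"esp-aes(?: (?:128|192|256))?|\S+")  # AES may carry a key size

def audit(config_text, min_bits=128):
    # Returns {transform-set name: columns + findings}; min_bits is an assumed policy.
    report = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        row = {"esp_encryption": None, "esp_integrity": None, "ah_integrity": None, "findings": []}
        bits = None
        for tok in TOKEN.findall(m.group(2)):
            tok = "esp-aes" if tok == "esp-aes 128" else tok
            if tok not in TRANSFORMS:
                row["findings"].append(f"transform not in the list above: {tok}")
                continue
            column, label, key_bits = TRANSFORMS[tok]
            row[column] = label
            bits = key_bits if column == "esp_encryption" else bits
        if not bits:  # None: no ESP cipher (for example AH only); 0: ESP_NULL
            row["findings"].append("no confidentiality: payload is not encrypted")
        elif bits < min_bits:
            row["findings"].append(f"{row['esp_encryption']}: {bits}-bit key is below the {min_bits}-bit minimum")
        report[m.group(1)] = row
    return report

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
crypto ipsec transform-set STRONG esp-aes 256 esp-sha-hmac
crypto ipsec transform-set LEGACY esp-des esp-md5-hmac
crypto ipsec transform-set AUTHONLY ah-sha-hmac
crypto ipsec transform-set NULLENC esp-null esp-sha-hmac
"""
```

Calling `audit(SAMPLE)` returns one row per transform set; a row with an empty `findings` list has encryption at or above the chosen minimum.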