Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 40 More About....
More About VPN
Allowable Transform Combinations
To define a transform set, you specify one to three transforms. Each transform
represents an IPSec security protocol (AH or ESP) plus the algorithm that you
want to use. When the particular transform set is used during negotiations for
IPSec security associations, the entire transform set (the combination of
protocols, algorithms, and other settings) must match a transform set at the remote
peer.
The following table lists the acceptable transform combination selections for the
AH and ESP protocols.
AH Transform (Pick up to one): ah-md5-hmac, ah-sha-hmac
ESP Encryption Transform (Pick up to one): esp-des, esp-3des, esp-null, esp-aes-128, esp-aes-192, esp-aes-256, esp-seal
Authentication Transform (Pick up to one): esp-md5-hmac, esp-sha-hmac
IP Compression Transform (Pick up to one): comp-lzs
Examples (Total of 3 transforms allowed):
1. ah-md5-hmac
2. esp-3des and esp-md5-hmac
3. ah-sha-hmac, esp-des, and esp-sha-hmac
The following table describes each of the transforms.
Transform      Description
ah-md5-hmac    AH with the MD5 (HMAC variant) authentication algorithm.
ah-sha-hmac    AH with the SHA (HMAC variant) authentication algorithm.
esp-des        ESP with the 56-bit DES encryption algorithm.
esp-3des       ESP with the 168-bit DES encryption algorithm (3DES or Triple DES).
esp-null       Null encryption algorithm.
esp-seal       ESP with the 160-bit encryption key Software Encryption Algorithm (SEAL) encryption algorithm.
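
The selection rules from the combination table above (one to three transforms, at most one per column) and the requirement that the whole set match a set at the remote peer, as an added Python example that is not part of the Cisco guide. The set names and peer data are constructed, the comparison is assumed to be order-independent, and settings other than the transforms are not compared.

```python
# Added example: keywords come from the combination table on this page
# (the AES-128 entry is spelled esp-aes-128 here).
CATEGORIES = {
    "AH": {"ah-md5-hmac", "ah-sha-hmac"},
    "ESP encryption": {"esp-des", "esp-3des", "esp-null", "esp-aes-128",
                       "esp-aes-192", "esp-aes-256", "esp-seal"},
    "ESP authentication": {"esp-md5-hmac", "esp-sha-hmac"},
    "IP compression": {"comp-lzs"},
}

def validate_transform_set(transforms):
    """Return a list of rule violations; an empty list means the set is allowable."""
    errors = []
    if not 1 <= len(transforms) <= 3:
        errors.append(f"need 1 to 3 transforms, got {len(transforms)}")
    seen = {}  # category -> transform already chosen from that column
    for t in transforms:
        cat = next((c for c, names in CATEGORIES.items() if t in names), None)
        if cat is None:
            errors.append(f"unknown transform: {t}")
        elif cat in seen:
            errors.append(f"{t} conflicts with {seen[cat]} (both {cat})")
        else:
            seen[cat] = t
    return errors

def find_match(local_sets, remote_sets):
    """Return the name of the first valid local set that equals a remote set."""
    # Assumption: the order of transforms inside a set does not matter.
    remote = {frozenset(r) for r in remote_sets}
    for name, transforms in local_sets.items():
        if not validate_transform_set(transforms) and frozenset(transforms) in remote:
            return name
    return None

# Constructed sample data; TS-A and TS-B are hypothetical set names.
LOCAL = {
    "TS-A": ["esp-3des", "esp-md5-hmac"],
    "TS-B": ["ah-sha-hmac", "esp-des", "esp-sha-hmac"],
}
REMOTE = [["esp-sha-hmac", "esp-des", "ah-sha-hmac"]]

if __name__ == "__main__":
    print(validate_transform_set(["esp-des", "esp-3des"]))  # two ESP encryption picks
    print(find_match(LOCAL, REMOTE))
```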