Chapter 4 Configuring the VPN Acceleration Module

Configuration Tasks

Defining Transform Sets

A transform set is a combination of security protocols and algorithms. During the IPSec security association negotiation, peers agree to use a specific transform set to protect a particular data flow.

To define a transform set, use the following commands, starting in global configuration mode:

Step 1

Command:
crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

Purpose:
Defines a transform set and enters crypto transform configuration mode.

Note: Complex rules define which entries you can use for the transform arguments. These rules are explained in the command description for the crypto ipsec transform-set command, and Table 4-1 provides a list of allowed transform combinations.

Step 2

Command:
mode [tunnel | transport]

Purpose:
Changes the mode associated with the transform set. The mode setting is applicable only to traffic whose source and destination addresses are the IPSec peer addresses; it is ignored for all other traffic. (All other traffic is in tunnel mode only.)

Step 3

Command:
end

Purpose:
Exits crypto transform configuration mode to enable mode.

Step 4

Command:
clear crypto sa
or
clear crypto sa peer {ip-address | peer-name}
or
clear crypto sa map map-name
or
clear crypto sa spi destination-address protocol spi

Purpose:
Clears existing IPSec security associations so that any changes to a transform set take effect on subsequently established security associations (SAs). (Manually established SAs are reestablished immediately.)

Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or entry keywords to clear out only a subset of the SA database.


Table 4-1 shows allowed transform combinations.

Table 4-1 Allowed Transform Combinations

AH Transform [1]
  Transform      Description
  ah-md5-hmac    AH with MD5 (HMAC variant) authentication algorithm

ESP Encryption Transform [1]
  Transform      Description
  esp-3des       ESP with 168-bit Triple DES encryption algorithm

ESP Authentication Transform [2]
  Transform      Description
  esp-md5-hmac   ESP with MD5 (HMAC variant) authentication algorithm

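The following IOS session is an added example, not part of the original guide; it walks through Steps 1 to 4 for a transform set that pairs the ESP encryption transform and the ESP authentication transform from Table 4-1. The transform-set name VAM-3DES-MD5, the hostname Router, and the peer address 192.0.2.1 are assumed values chosen for illustration.

```cisco
! Step 1: define the transform set; the prompt changes to crypto transform configuration mode
Router# configure terminal
Router(config)# crypto ipsec transform-set VAM-3DES-MD5 esp-3des esp-md5-hmac
! Step 2: tunnel is the default mode; it is set explicitly here so the intent is visible in the configuration
Router(cfg-crypto-trans)# mode tunnel
! Step 3: return to enable mode
Router(cfg-crypto-trans)# end
! Step 4: clear only the SAs with the assumed peer 192.0.2.1 so other active sessions are not torn down
Router# clear crypto sa peer 192.0.2.1
! Verify that the transform set exists with the intended transforms and mode
Router# show crypto ipsec transform-set
```

Using the peer form of clear crypto sa limits the disruption to one peer's security sessions; the bare clear crypto sa form clears the full SA database, as the Step 4 purpose column states. Note that Table 4-1 lists only MD5-HMAC and 168-bit Triple DES for this module; both are treated as legacy algorithms by current cryptographic guidance, so deployments that need stronger transforms must look to platforms that support them.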

Cisco 7401ASR Installation and Configuration Guide
4-4
OL-5419-01 B0