Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Add/Edit IPsec Proposal (Transform Set)

68-21

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter68 Configuring IKE, Load Balancing, and NAC

Configuring IPsec

–

Integrity Hash—Shows the hash algorithm that ensures data integrity for the ESP protocol. It

ensures that a packet comes from whom you think it comes from, and that it has not been

modified in transit.

•Add—Opens the Add IPsec Proposal dialog box, in which you can add a new proposal.

•Edit—Opens the Edit IPsec Proposal dialog box, in which you can modify an existing proposal.

•Delete—Removes the selected proposal. There is no confirmation or undo.

Modes

The following table shows the modes in which this feature is available:

Add/Edit IPsec Proposal (Transform Set)

Use this pane to add or modify an IPsec IKEv1 transform set. A transform is a set of operations done on

a data flow to provide data authentication, data confidentiality, and data compression. For example, one

transform is the ESP protocol with 3DES encryption and the HMAC-MD5 authentication algorithm

(ESP-3DES-MD5).

Fields

•Set Name—Specifies a name for this transform set.

•Properties—Configures properties for this transform set. These properties appear in the Transform

Sets table.

–

Mode—Shows the mode, Tunnel, of the transform set. This field shows the mode for applying

ESP encryption and authentication; in other words, what part of the original IP packet has ESP

applied. Tunnel mode applies ESP encryption and authentication to the entire original IP packet

(IP header and data), thus hiding the ultimate source and destination addresses.

–

ESP Encryption—Choose the Encapsulating Security Protocol (ESP) encryption algorithms

for the transform sets. ESP provides data privacy services, optional data authentication, and

anti-replay services. ESP encapsulates the data being protected.

–

ESP Authentication—Choose the ESP authentication algorithms for the transform sets.

Note The IPsec ESP (Encapsulating Security Payload) protocol provides both encryption and

authentication. Packet authentication proves that data comes from whom you think it comes

from; it is often referred to as “data integrity.”

Modes

The following table shows the modes in which this feature is available:

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

•—•——

Cisco Systems Add/Edit IPsec Proposal (Transform Set)