2 adding a new transform set – Motorola Series Switch WS5100 User Manual

Switch Security

4. Revise the following information as required to render the existing transform set useful.

5. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

6. Click OK to apply the changes to the running configuration and close the dialog.

7. Click Cancel to close the dialog without committing updates to the running configuration.

6.8.1.2 Adding a New Transform Set

A transform set represents a combination of security protocols and algorithms. During the IPSec security
association negotiation, peers agree to use a particular transform set for protecting data flow. If the
attributes of an existing transform set are no longer useful, and the existing transform set is
not required, create a new transform set to meet the needs of your network.

To edit the attributes of an existing transform set:

1. Select Security > IPSec VPN from the main menu tree.

2. Click the Configuration tab.

Name
The name is read-only and cannot be modified unless a new transform set is created.

AH Authentication Scheme
Select the Use AH checkbox (if necessary) to modify the AH Transform Authentication scheme. Options include:
• None - No AH authentication is used.
• AH-MD5-HMAC - AH with the MD5 (HMAC variant) authentication algorithm.
• AH-SHA-HMAC - AH with the SHA (HMAC variant) authentication algorithm.

ESP Encryption Scheme
Select the Use ESP checkbox (if necessary) to modify the ESP Encryption Scheme. Options include:
• None - No ESP encryption is used with the transform set.
• ESP-DES - ESP with the 56-bit DES encryption algorithm.
• ESP-3DES - ESP with 3DES, ESP with AES.
• ESP-AES - ESP with 3DES, ESP with AES (128 bit key).
• ESP-AES 192 - ESP with 3DES, ESP with AES (192 bit key).
• ESP-AES 256 - ESP with 3DES, ESP with AES (256 bit key).

ESP Authentication Scheme
Select the Use ESP checkbox (if necessary) to modify the ESP Authentication Scheme. Options include:
• None - No ESP authentication is used with the transform set.
• MD5-HMAC - AH with the MD5 (HMAC variant) authentication algorithm.
• SHA-HMAC - AH with the SHA (HMAC variant) authentication algorithm.

Mode
Modify (if necessary) the current mode used with the transform set. The mode is either Tunnel or Transport.
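
The following Python sketch is an added example, not part of the Motorola manual or the switch software. It audits a transform set built from the option names listed above and models, in simplified form, how two peers settle on a matching set. The TransformSet layout, the function names audit and negotiate, the sample sets and the judgments about which options are weak are assumptions made for illustration.

```python
# Added example: option strings mirror the dialog fields above; the data layout,
# function names and weakness judgments are assumptions, not the switch's API.
from typing import List, NamedTuple, Optional

class TransformSet(NamedTuple):
    name: str
    ah_auth: str   # "None", "AH-MD5-HMAC", "AH-SHA-HMAC"
    esp_enc: str   # "None", "ESP-DES", "ESP-3DES", "ESP-AES", "ESP-AES 192", "ESP-AES 256"
    esp_auth: str  # "None", "MD5-HMAC", "SHA-HMAC"
    mode: str      # "Tunnel" or "Transport"

def audit(ts: TransformSet) -> List[str]:
    """Return findings for option combinations a reviewer would question."""
    findings = []
    authenticated = ts.ah_auth != "None" or ts.esp_auth != "None"
    if ts.esp_enc == "None" and not authenticated:
        findings.append("no AH or ESP transform selected: traffic is unprotected")
    if ts.esp_enc == "ESP-DES":
        findings.append("ESP-DES uses a 56-bit key: choose an ESP-AES option")
    if ts.esp_enc != "None" and not authenticated:
        findings.append("encryption without authentication: tampering goes undetected")
    if ts.esp_enc == "None" and authenticated:
        findings.append("authentication only: payload is sent in cleartext")
    if "MD5" in ts.ah_auth or "MD5" in ts.esp_auth:
        findings.append("MD5-HMAC selected: prefer the SHA-HMAC option")
    return findings

def negotiate(offered: List[TransformSet],
              local: List[TransformSet]) -> Optional[TransformSet]:
    """Simplified model: pick the first offered set whose attributes
    (everything except the locally chosen name) equal a local set."""
    for proposal in offered:
        for candidate in local:
            if proposal[1:] == candidate[1:]:
                return candidate
    return None

# Constructed sample sets, not taken from any real configuration.
LEGACY = TransformSet("legacy", "None", "ESP-DES", "MD5-HMAC", "Tunnel")
STRONG = TransformSet("strong", "None", "ESP-AES 256", "SHA-HMAC", "Tunnel")
ENC_ONLY = TransformSet("enc-only", "None", "ESP-AES", "None", "Tunnel")
PEER_STRONG = TransformSet("peer-a", "None", "ESP-AES 256", "SHA-HMAC", "Tunnel")
PEER_TRANSPORT = PEER_STRONG._replace(name="peer-b", mode="Transport")

if __name__ == "__main__":
    for ts in (LEGACY, STRONG, ENC_ONLY):
        print(ts.name, audit(ts) or "no findings")
    print("agreed:", negotiate([LEGACY, PEER_STRONG], [STRONG]))
```

Keeping only sets that pass the audit in the local list means a peer that offers a DES or MD5 proposal finds no match, rather than pulling the association down to the weaker set.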