2 adding a new transform set – Motorola Series Switch WS5100 User Manual
Switch Security
4. Revise the following information as required to render the existing transform set useful.
5. Refer to the Status field for the current state of the requests made from the applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
6. Click OK to use the changes to the running configuration and close the dialog.
7. Click Cancel to close the dialog without committing updates to the running configuration.
6.8.1.2 Adding a New Transform Set
A transform set represents a combination of security protocols and algorithms. During the IPSec security
association negotiation, peers agree to use a particular transform set for protecting data flow. If the
attributes of an existing transform set are no longer useful, and the existing transform set is
not required, create a new transform set to meet the needs of your network.
To edit the attributes of an existing transform set:
1. Select Security > IPSec VPN from the main menu tree.
2. Click the Configuration tab.
Name
The name is read-only and cannot be modified unless a new transform set is created.
AH Authentication Scheme
Select the Use AH checkbox (if necessary) to modify the AH Transform Authentication scheme. Options include:
• None - No AH authentication is used.
• AH-MD5-HMAC - AH with the MD5 (HMAC variant) authentication algorithm.
• AH-SHA-HMAC - AH with the SHA (HMAC variant) authentication algorithm.
ESP Encryption Scheme
Select the Use ESP checkbox (if necessary) to modify the ESP Encryption Scheme. Options include:
• None - No ESP encryption is used with the transform set.
• ESP-DES - ESP with the 56-bit DES encryption algorithm.
• ESP-3DES - ESP with the 3DES encryption algorithm.
• ESP-AES - ESP with AES (128 bit key).
• ESP-AES 192 - ESP with AES (192 bit key).
• ESP-AES 256 - ESP with AES (256 bit key).
ESP Authentication Scheme
Select the Use ESP checkbox (if necessary) to modify the ESP Authentication Scheme. Options include:
• None - No ESP authentication is used with the transform set.
• MD5-HMAC - ESP with the MD5 (HMAC variant) authentication algorithm.
• SHA-HMAC - ESP with the SHA (HMAC variant) authentication algorithm.
Mode
Modify (if necessary) the current mode used with the transform set. The mode is either
Tunnel or Transport.
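The following added example (not part of the manual and not switch software) models the transform set fields listed above, audits a set before it is committed, and shows how two peers can only agree on a set whose attributes both sides hold. The exact-match negotiation is a simplified model, the weakness findings are general cryptographic guidance rather than statements from this manual, and all set names are constructed.

```python
from dataclasses import dataclass

# Option names as listed in the field descriptions above.
AH_AUTH = {"None", "AH-MD5-HMAC", "AH-SHA-HMAC"}
ESP_ENC = {"None", "ESP-DES", "ESP-3DES", "ESP-AES", "ESP-AES 192", "ESP-AES 256"}
ESP_AUTH = {"None", "MD5-HMAC", "SHA-HMAC"}
MODES = {"Tunnel", "Transport"}

@dataclass(frozen=True)
class TransformSet:
    name: str                 # local label only, never compared during negotiation
    ah_auth: str = "None"
    esp_enc: str = "None"
    esp_auth: str = "None"
    mode: str = "Tunnel"

    def attributes(self):
        return (self.ah_auth, self.esp_enc, self.esp_auth, self.mode)

def audit(ts):
    """Return a list of findings for one transform set (empty list = no findings)."""
    checks = ((ts.ah_auth, AH_AUTH, "AH authentication"), (ts.esp_enc, ESP_ENC, "ESP encryption"),
              (ts.esp_auth, ESP_AUTH, "ESP authentication"), (ts.mode, MODES, "mode"))
    findings = [f"unknown {label} option: {v}" for v, allowed, label in checks if v not in allowed]
    if ts.ah_auth == ts.esp_enc == ts.esp_auth == "None":
        findings.append("no AH or ESP transform selected: traffic is unprotected")
    if ts.esp_enc == "ESP-DES":
        findings.append("ESP-DES uses a 56-bit key; prefer an ESP-AES option")
    if "MD5" in ts.ah_auth or "MD5" in ts.esp_auth:
        findings.append("MD5-HMAC selected; prefer the SHA-HMAC option")
    if ts.esp_enc != "None" and ts.esp_auth == "None" and ts.ah_auth == "None":
        findings.append("encryption without authentication: modified packets go undetected")
    return findings

def negotiate(initiator_offers, responder_sets):
    """Simplified model: first offered set whose attributes the responder also has."""
    local = {ts.attributes(): ts for ts in responder_sets}
    for offer in initiator_offers:            # offers are tried in preference order
        if offer.attributes() in local:
            return offer, local[offer.attributes()]
    return None                               # no common transform set, no SA

# Constructed sample sets (not taken from a real switch configuration).
LEGACY = TransformSet("legacy", esp_enc="ESP-DES", esp_auth="MD5-HMAC")
STRONG = TransformSet("strong", esp_enc="ESP-AES 256", esp_auth="SHA-HMAC")
ENC_ONLY = TransformSet("enc-only", esp_enc="ESP-3DES")
PEER = TransformSet("peer-a", esp_enc="ESP-DES", esp_auth="MD5-HMAC")
```

Keeping a weak set such as `LEGACY` configured alongside a strong one means a peer that only holds the weak set will still negotiate successfully, which is why sets that are no longer required should be removed rather than left in place.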