Transform-set, Transform-set -20 – Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card none User Manual

14-20

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

Configuration - IPSec Mode

transform-set

Use the IPSec transform-set command to set the allowable encryption methods, authentication
protocols and to enable compression during automatic key exchange. To disable encryption/
authentication/compression, see no transform-set command on page 14-16.

Syntax:

(config-ipsec-{

n})# transform-set {ah-md5|ah-sha|esp-3des| esp-

aes|esp-aes192|esp-aes256|esp-des|esp-md5|esp-null|esp-sha

|ipcomp}

Example:

(config-ipsec-1)# transform-set esp-aes

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

Field

Definition

ah-md5

Authentication Header transform using MD5 authentication. Default.

ah-sha

Authentication Header transform using Secure Hash Algorithm
(SHA1) authentication. Default.

esp-aes

Encapsulating Security Payload (ESP) encryption transform using
Advanced Encryption Standard (AES) 128-bit encryption.

esp-aes192

Encapsulating Security Payload (ESP) encryption transform using
Advanced Encryption Standard (AES) 128-bit encryption.

esp-aes256

Encapsulating Security Payload (ESP) encryption transform using
Advanced Encryption Standard (AES) 256-bit encryption.

esp-des

Encapsulating Security Payload (ESP) encryption transform using
Data Encryption Standard (DES) 56-bit encryption.

esp-3des

Encapsulating Security Payload (ESP) encryption transform using
Data Encryption Standard (DES) 168-bit encryption.

esp-null

Encapsulating Security Payload (ESP) encryption transform using no
encryption.

esp-md5

Encapsulating Security Payload (ESP) encryption transform using
Message-Digest Algorithm 5 (MD5) authentication. Default.

esp-sha

Encapsulating Security Payload (ESP) encryption transform using
Secure Hash Algorithm (SHA1) authentication. Default.

ipcomp

IP Payload Compression Protocol (IPComp) compression.