Transform Sets


Transform sets consist of transforms: the encryption and hashing algorithms that will be used to protect data traffic flowing across the IPSec tunnel. A transform set can contain a combination of AH and ESP transforms, or it can contain only an AH transform or only an ESP transform.


Transform sets can contain a maximum of one AH transform and a maximum of two ESP transforms.


For the exam, you should be familiar with the transforms displayed in Figure 9.9.

Figure 9.9. IPSec transforms.


You can choose up to one AH transform, up to one ESP hash transform, and up to one ESP encryption transform.

How Are Transform Sets Negotiated?

During IKE Phase 2, the IPSec peers begin quick mode to negotiate transform sets. For an IPSec tunnel to be successfully negotiated, there must be at least one matching transform set on each peer.

Configuring Transform Sets

The command syntax to configure a transform set is

 Router(config)# crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]

Suppose your organization's security policy dictates that ESP should be used to protect data traffic and that the most secure encryption and hash protocols should be used. The configuration of this requirement would look like the following:

 
 Router(config)# crypto ipsec transform-set EXAMCRAM2 esp-3des esp-sha-hmac 

Know how to create a transform set.


It is that easy to specify the IPSec security protocols. You can also configure multiple transform sets by giving each one a different transform-set-name. EXAMCRAM2 is simply the name chosen for this transform set.
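The two rules above (at most one transform of each type per set, and at least one set in common between the peers for quick mode to succeed) can be checked offline against both peers' configurations. The following Python code is an added example, not from the book; the sample configurations, the function names, and the classification of transforms by keyword pattern (`ah-*`, `esp-*-hmac`, other `esp-*`) are assumptions, and transforms are compared as an unordered set.

```python
import re

# Constructed sample configurations for two peers (not from the original page).
PEER_A = """
crypto ipsec transform-set EXAMCRAM2 esp-3des esp-sha-hmac
crypto ipsec transform-set LEGACY esp-des esp-md5-hmac
"""
PEER_B = """
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec transform-set AUTHONLY ah-sha-hmac
"""

# Accepts lines with or without a leading "Router(config)#" style prompt.
LINE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?crypto ipsec transform-set\s+(\S+)\s+(.+?)\s*$")


def classify(transform):
    """Map a transform keyword to its slot (assumed naming pattern)."""
    if transform.startswith("ah-"):
        return "ah"
    if transform.startswith("esp-"):
        return "esp-hash" if transform.endswith("-hmac") else "esp-encryption"
    raise ValueError(f"unrecognized transform: {transform}")


def parse_transform_sets(config):
    """Return {name: frozenset(transforms)}, enforcing one transform per slot."""
    sets = {}
    for line in config.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name, transforms = m.group(1), m.group(2).split()
        slots = [classify(t) for t in transforms]
        if len(slots) != len(set(slots)):
            raise ValueError(f"{name}: more than one transform of the same type")
        sets[name] = frozenset(transforms)
    return sets


def matching_sets(config_a, config_b):
    """Pairs of set names whose transforms are identical; names are ignored."""
    a, b = parse_transform_sets(config_a), parse_transform_sets(config_b)
    return [(na, nb) for na, ta in a.items() for nb, tb in b.items() if ta == tb]


if __name__ == "__main__":
    print(matching_sets(PEER_A, PEER_B))  # [('EXAMCRAM2', 'STRONG')]
```

An empty result means the peers share no transform set, so the tunnel negotiation described above cannot succeed until one side's configuration is changed.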



CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
