Authentication headers (AHs) provide data integrity, anti-replay, and data origin authentication.
Encapsulating Security Payload (ESP) provides data integrity, anti-replay, data origin authentication, and data confidentiality.
The maximum number of transformations in the crypto ipsec transform-set command is three.
The ip local pool command is used to create a pool of IP addresses used by remote access clients using PPTP or L2TP.
Internet Key Exchange (IKE) is a hybrid protocol used to exchange keys.
AH and ESP can both be used at the same time. ESP is performed first and then encapsulated inside the AH.
The clear ipsec sa command is used to delete or clear all the current security associations.
Security associations can be created using either IKE dynamically or a manual process.