Cisco Cisco ASR 5000
Context Configuration Mode Commands A-D
▀ crypto ipsec transform-set
▄ Command Line Interface Reference, StarOS Release 18
2366
cipher
If ESP is enabled, this option must be used to set the encapsulation cipher protocol to one of the following:
3des-cbc
: Triple Data Encryption Standard (3DES) in chain block (CBC) mode.
aes-cbc-128
: Advanced Encryption Standard (AES) in CBC mode with a 128-bit key.
aes-cbc-256
: Advanced Encryption Standard (AES) in CBC mode with a 256-bit key.
des-cbc
: DES in CBC mode.
Usage
Use this command to create a transform set on the system.
Transform Sets are used to define IPSec security associations (SAs). IPSec SAs specify the IPSec protocols
to use to protect packets.
Transform sets are used during Phase 2 of IPSec establishment. In this phase, the system and a peer security
gateway negotiate one or more transform sets (IPSec SAs) containing the rules for protecting packets. This
negotiation ensures that both peers can properly protect and process the packets.
Transform Sets are used to define IPSec security associations (SAs). IPSec SAs specify the IPSec protocols
to use to protect packets.
Transform sets are used during Phase 2 of IPSec establishment. In this phase, the system and a peer security
gateway negotiate one or more transform sets (IPSec SAs) containing the rules for protecting packets. This
negotiation ensures that both peers can properly protect and process the packets.
Example
Create a transform set that has the name
tset1
, no authentication header, an encapsulating security protocol
header hash message authentication code of
md5
, and a bulk payload encryption algorithm of
des-cbc
with
the following command:
crypto ipsec transform-set tset1 ah hmac none esp hmac md5 cipher des-cbc