Cisco Systems ISA550 User Manual

VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Configuring Transform Sets
A transform set specifies the integrity and encryption algorithms that the peers
use to protect data communications. Both peers must use the same algorithms
to communicate.
NOTE Up to 16 transform sets can be configured on the security appliance.
STEP 1 Click VPN > Site-to-Site > Transform Policies.
The Transform Sets window opens. The default and custom transform sets are 
listed in the table. 
STEP 2 To add a new transform set, click Add.
Other options: To edit an entry, click the Edit (pencil) icon. To delete an entry, click 
the Delete (x) icon. To delete multiple entries, check them and click Delete. The 
default transform set (DefaultTrans) cannot be edited or deleted. 
The Transform Set - Add/Edit window opens.
STEP 3 Enter the following information:
Name: Enter the name for the transform set.
Integrity: Choose the hash algorithm used to ensure data integrity. It
ensures that a packet comes from where it says it comes from, and that it has
not been modified in transit.
- ESP_SHA1_HMAC: Authentication with SHA1 (160-bit).
- ESP_MD5_HMAC: Authentication with MD5 (128-bit). MD5 has a smaller
digest and is considered to be slightly faster than SHA1. A successful (but
extremely difficult) attack against MD5 has occurred; however, the HMAC
variant that IKE uses prevents this attack.
Encryption: Choose the symmetric encryption algorithm that protects data
transmission between the two IPsec peers. The default is ESP_3DES. The
Advanced Encryption Standard (AES) supports key lengths of 128, 192, and 256 bits.
- ESP_3DES: Encryption with 3DES (168-bit).
- ESP_AES_128: Encryption with AES (128-bit).
- ESP_AES_192: Encryption with AES (192-bit).
- ESP_AES_256: Encryption with AES (256-bit).
STEP 4 Click OK to save your settings.
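Because both peers must use the same algorithms, it helps to compare the two sites' transform set tables before bringing the tunnel up. The following Python sketch is an added example, not part of the Cisco guide or the appliance software: it checks hand-transcribed tables offline against the option names and the 16-set limit given above. The `TransformSet` class, the function names, and the sample set names are hypothetical.

```python
from dataclasses import dataclass

# Option names exactly as listed in STEP 3 of this page.
INTEGRITY = {"ESP_SHA1_HMAC", "ESP_MD5_HMAC"}
ENCRYPTION = {"ESP_3DES", "ESP_AES_128", "ESP_AES_192", "ESP_AES_256"}
MAX_SETS = 16  # limit stated in the NOTE on this page

@dataclass(frozen=True)
class TransformSet:  # hypothetical record for one row of the table
    name: str
    integrity: str
    encryption: str

def validate(sets):
    """Return problems found in one appliance's transform set table."""
    problems = []
    if len(sets) > MAX_SETS:
        problems.append(f"{len(sets)} sets exceed the limit of {MAX_SETS}")
    for ts in sets:
        if ts.integrity not in INTEGRITY:
            problems.append(f"{ts.name}: unknown integrity {ts.integrity!r}")
        if ts.encryption not in ENCRYPTION:
            problems.append(f"{ts.name}: unknown encryption {ts.encryption!r}")
    return problems

def compare(local, remote):
    """Return (matches, diffs): pairs that agree, and which fields differ otherwise."""
    matches, diffs = [], []
    for a in local:
        for b in remote:
            fields = [f for f in ("integrity", "encryption")
                      if getattr(a, f) != getattr(b, f)]
            if fields:
                diffs.append((a.name, b.name, fields))
            else:
                matches.append((a.name, b.name))
    return matches, diffs

# Constructed sample tables for two peers (set names are hypothetical).
SITE_A = [TransformSet("A-AES256-SHA1", "ESP_SHA1_HMAC", "ESP_AES_256"),
          TransformSet("A-3DES-MD5", "ESP_MD5_HMAC", "ESP_3DES")]
SITE_B = [TransformSet("B-AES128-SHA1", "ESP_SHA1_HMAC", "ESP_AES_128"),
          TransformSet("B-AES256-MD5", "ESP_MD5_HMAC", "ESP_AES_256")]

if __name__ == "__main__":
    print(validate(SITE_A) + validate(SITE_B))
    matches, diffs = compare(SITE_A, SITE_B)
    print("common sets:", matches)
    for a, b, fields in diffs:
        print(f"{a} vs {b}: differs in {', '.join(fields)}")
```

With the sample tables, no pair agrees on both fields, so the output lists which setting to change on one side for each pair.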