crypto ipsec transform-set
Use this command to configure a transform set that defines protocols and algorithm settings to apply to IPSec protected traffic.
During the IPSec security association negotiation, the peers agree on a particular transform set to protect a particular data flow.
Several transform-sets can be specified and associated with a crypto map entry.
A transform set defines the IPSec security protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH), and specifies which algorithms to use with the selected security protocol.
Command Syntax
crypto ipsec transform-set NAME ah (none|ah-md5|ah-sha1|ah-sha256|ah-sha384|ah-sha512)
crypto ipsec transform-set NAME esp-auth (none|esp-md5|esp-sha1|esp-sha256|esp-sha384|esp-sha512) esp-enc (esp-null|esp-3des|esp-aes|esp-aes192|esp-aes256|esp-blf|esp-blf192|esp-blf256|esp-cast)
crypto ipsec transform-set NAME mode (transport)
no crypto ipsec transform-set NAME mode
no crypto ipsec transform-set NAME
Parameters
NAME
Name of the transform set.
mode
Change the transform-set mode to tunnel or transport.
transport
The payload (data) of the original IP packet is protected.
ah
Authentication Header protocol provides data authentication.
none
No authentication.
ah-md5
Authentication Header with Message Digest 5 (MD5) Hashed Message Authentication Code (HMAC) variant.
ah-sha1
Authentication Header with Secure Hash Algorithm 1 (SHA-1) Hashed Message Authentication Code (HMAC) variant.
ah-sha256
Authentication Header with Secure Hash Algorithm 256 (SHA-256) Hashed Message Authentication Code (HMAC) variant.
ah-sha384
Authentication Header with Secure Hash Algorithm 384 (SHA-384) Hashed Message Authentication Code (HMAC) variant.
ah-sha512
Authentication Header with Secure Hash Algorithm 512 (SHA-512) Hashed Message Authentication Code (HMAC) variant.
esp-auth
Encapsulating Security Payload authentication protocol provides data authentication.
none
No authentication.
esp-md5
Encapsulating Security Payload with Message Digest 5 (MD5) Hashed Message Authentication Code (HMAC) variant.
esp-sha1
Encapsulating Security Payload with Secure Hash Algorithm 1 (SHA-1) Hashed Message Authentication Code (HMAC) variant.
esp-sha256
Encapsulating Security Payload with Secure Hash Algorithm 256 (SHA-256) Hashed Message Authentication Code (HMAC) variant.
esp-sha384
Encapsulating Security Payload with Secure Hash Algorithm 384 (SHA-384) Hashed Message Authentication Code (HMAC) variant.
esp-sha512
Encapsulating Security Payload with Secure Hash Algorithm 512 (SHA-512) Hashed Message Authentication Code (HMAC) variant.
esp-enc
Encapsulating Security Payload encryption protocol.
esp-null
Encapsulating Security Payload null encryption.
esp-3des
Encapsulating Security Payload with 168-bit DES encryption (3DES or Triple DES).
esp-aes
Alternative AES.
esp-aes192
Alternative AES192.
esp-aes256
Alternative AES256.
esp-blf
Alternative Blowfish.
esp-blf192
Alternative Blowfish192.
esp-blf256
Alternative Blowfish256.
esp-cast
Alternative Cast (IKEv1 not supported).
Command Mode
Configure mode
Example
#configure terminal
(config)#crypto ipsec transform-set TEST_ESP esp-auth esp-md5 esp-enc esp-3des
(config)#crypto ipsec transform-set TEST_AH ah ah-sha512
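The following is an added example, not part of the original command reference: a Python audit that parses crypto ipsec transform-set lines in the syntax above and reports weak algorithm choices. The WEAK policy table and the SITE_B and OLD_SET sample lines are assumptions of this example.

```python
import re

# Policy assumed by this example, not stated by the command reference:
# values listed here are reported; everything else is accepted.
WEAK = {
    "none": "no authentication",
    "ah-md5": "HMAC-MD5",
    "esp-md5": "HMAC-MD5",
    "ah-sha1": "HMAC-SHA-1",
    "esp-sha1": "HMAC-SHA-1",
    "esp-null": "null encryption",
    "esp-3des": "64-bit block cipher",
    "esp-blf": "64-bit block cipher",
    "esp-blf192": "64-bit block cipher",
    "esp-blf256": "64-bit block cipher",
    "esp-cast": "64-bit block cipher",
}

# Optional CLI prompt such as "(config)#", then the command, NAME and settings.
CMD = re.compile(r"^\s*(?:\S*#)?\s*crypto ipsec transform-set\s+(\S+)\s+(.+)$")

def audit(config_text):
    """Return (name, keyword, value, reason) for each weak setting found."""
    findings = []
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:  # also skips "no crypto ipsec transform-set ..." lines
            continue
        name, rest = m.group(1), m.group(2).split()
        # Settings are keyword/value pairs: ah X, esp-auth X, esp-enc Y, mode Z
        for keyword, value in zip(rest[0::2], rest[1::2]):
            if keyword in ("ah", "esp-auth", "esp-enc") and value in WEAK:
                findings.append((name, keyword, value, WEAK[value]))
    return findings

# Constructed sample: the two sets from the Example section plus two more lines.
SAMPLE = """\
(config)#crypto ipsec transform-set TEST_ESP esp-auth esp-md5 esp-enc esp-3des
(config)#crypto ipsec transform-set TEST_AH ah ah-sha512
(config)#crypto ipsec transform-set SITE_B esp-auth esp-sha256 esp-enc esp-aes256
(config)#no crypto ipsec transform-set OLD_SET
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s %s (%s)" % finding)
```

Run against the sample, it reports both settings of TEST_ESP and nothing for TEST_AH or SITE_B.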
Last modified date: 08/28/2023