basic question

Unanswered Question
Sep 5th, 2007
User Badges:

hi all,

I would like to know what is requirement of configuring transform-set?

while creating isakmp policy we had already defined confidentiality, integrity and authetication

then we also define in crypto maps.

thanking you,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 09/05/2007 - 10:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Prashanth

An IPSEC tunnel is formed in two phases.

1) Phase 1 deals with the establishement of a secure tunnel between the 2 VPN peers. In this phase keys are created and exchanged.

2) Phase 2 deals with the establisement of the actual tunnel (SA - security association) that transmits the data.

Think of this way. In order to setup secure tunnels for data transfer (Phase 2) you need to have a secure communication already established between the peers (Phase 1).

The two phases can use totally different encryption and authentication algorithms so you need to define both sets in your configuration.

Phase 1 = isakmp settings

Phase 2 = transform-set/crypto map settings.



bethamprashanth Sat, 09/08/2007 - 05:50
User Badges:

hi jon,

Thanks alot for feedback. it has solve lot of confusion.

i would like some troubleshoot commands for verifying phase1 and phase2 process.

and which part you need to stress in output.


This Discussion