Activatin AH in Cisco VPN Concentrator 3000

Answered Question
Jun 4th, 2008
User Badges:

I found a strange thing in our VPN concentrator 3000. Under IKe Proposal, I do not find if AH. Only ESP combination what I find. Any idea, how I would be able to activate that AH on my box?


Thanks

Arabinda

Correct Answer by Farrukh Haroon about 8 years 11 months ago

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.


Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).


Please rate helpful posts.


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Farrukh Haroon Tue, 06/10/2008 - 11:25
User Badges:
  • Red, 2250 points or more

Hey why do you want to use AH anyway, its lame :)


Anyway this is from Richard Deal's excellent book "The Complete Cisco VPN Configuration Guide"


"Please note that the concentrator doesn't support AH for L2L sessions, whereas the other VPN gateway products, like Cisco Routers, do." Pg 333



Regards


Farrukh

arabinda.sukla Tue, 06/10/2008 - 21:16
User Badges:

Hi Farrukh,


We are a offshore development center. Sometimes we need to use those IKE parameters which our client engineers want to. No worries time the client agreed to use ESP, so all set now.


Thank you for the valuable info.


Thanks

Arabinda

Correct Answer
Farrukh Haroon Tue, 06/10/2008 - 23:27
User Badges:
  • Red, 2250 points or more

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.


Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).


Please rate helpful posts.


Regards


Farrukh

Actions

This Discussion