Activating AH in Cisco VPN Concentrator 3000

Answered Question
Jun 4th, 2008

I found a strange thing in our VPN Concentrator 3000. Under IKE Proposal, I do not find AH. I find only ESP combinations. Any idea how I would be able to activate AH on my box?

Thanks

Arabinda

Farrukh Haroon Tue, 06/10/2008 - 11:25

Hey, why do you want to use AH anyway? It's lame :)

Anyway this is from Richard Deal's excellent book "The Complete Cisco VPN Configuration Guide"

"Please note that the concentrator doesn't support AH for L2L sessions, whereas the other VPN gateway products, like Cisco Routers, do." Pg 333

Regards

Farrukh

arabinda.sukla Tue, 06/10/2008 - 21:16

Hi Farrukh,

We are an offshore development center. Sometimes we need to use the IKE parameters that our client engineers want. No worries, this time the client agreed to use ESP, so all set now.

Thank you for the valuable info.

Thanks

Arabinda

Correct Answer
Farrukh Haroon Tue, 06/10/2008 - 23:27

No problem at all, you should push them to use ESP anyway (even in the future) as AH does not offer encryption and is not NAT/PAT aware.

It's only useful for some special purposes now (I think IPv6 OSPF uses it for security purposes).

Please rate helpful posts.

Regards

Farrukh
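Why AH is "not NAT/PAT aware", as an added example that is not part of the original thread: a simplified Python model in which the AH integrity check value (ICV) covers the IP addresses while the ESP ICV covers only the ESP data, so a source-address rewrite fails AH verification but passes ESP. The key, addresses and payload are constructed, the ICV is appended to the packet rather than carried in a real AH/ESP header layout, and the ESP "ciphertext" is stand-in bytes.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-integrity-key!!"  # constructed sample key
ICV_LEN = 16                               # HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """AH zeroes fields routers may change: TOS, flags/offset, TTL, checksum."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def covered(mode, hdr, body):
    # AH authenticates the immutable IP header fields (addresses included)
    # plus the body; ESP authenticates only its own data.
    return zero_mutable(hdr) + body if mode == "ah" else body

def icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(mode, src, dst, data):
    body = struct.pack("!II", 0x1000, 1) + data      # SPI, sequence number, data
    proto = 51 if mode == "ah" else 50               # IP protocol 51 = AH, 50 = ESP
    hdr = ipv4_header(src, dst, proto, len(body) + ICV_LEN)
    return hdr + body + icv(covered(mode, hdr, body))

def verify(mode, packet):
    hdr, body, tag = packet[:20], packet[20:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv(covered(mode, hdr, body)), tag)

def router_hop(packet):
    """Ordinary forwarding: decrement TTL (a mutable field)."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def source_nat(packet, new_src):
    """NAT/PAT device: rewrite the source address in the IP header."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

if __name__ == "__main__":
    for mode in ("ah", "esp"):
        pkt = protect(mode, "10.0.0.5", "198.51.100.7", b"constructed payload")
        print(mode, "after hop:", verify(mode, router_hop(pkt)),
              "after NAT:", verify(mode, source_nat(pkt, "203.0.113.9")))
```
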
