cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
415
Views
0
Helpful
4
Replies

Activatin AH in Cisco VPN Concentrator 3000

arabinda.sukla
Level 1
Level 1

I found a strange thing in our VPN concentrator 3000. Under IKe Proposal, I do not find if AH. Only ESP combination what I find. Any idea, how I would be able to activate that AH on my box?

Thanks

Arabinda

1 Accepted Solution

Accepted Solutions

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.

Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).

Please rate helpful posts.

Regards

Farrukh

View solution in original post

4 Replies 4

hadbou
Level 5
Level 5

Refer to the "policy management" section of "VPN 3000 Series Concentrator Reference Volume I: Configuration, Release 4.1" present in the following url for more related information:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/polmgt.html

Hey why do you want to use AH anyway, its lame :)

Anyway this is from Richard Deal's excellent book "The Complete Cisco VPN Configuration Guide"

"Please note that the concentrator doesn't support AH for L2L sessions, whereas the other VPN gateway products, like Cisco Routers, do." Pg 333

Regards

Farrukh

Hi Farrukh,

We are a offshore development center. Sometimes we need to use those IKE parameters which our client engineers want to. No worries time the client agreed to use ESP, so all set now.

Thank you for the valuable info.

Thanks

Arabinda

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.

Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).

Please rate helpful posts.

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: