12-03-2009 08:53 PM
Sir,
I would like to understand the reason why the below commands are given.
1. crypto ipsec transform-set Name esp-aes esp-sha-hmac
Here we see that this particular transform set is followed by multiple options of encryption/authentication protocols.
First, what is the purpose of the transform-set command?
Second, are the protocols mentioned here for encryption / authentication / hashing?
Third, I happened to find a document which stated that this is used to identify "interesting traffic"; if so, then how does it work?
2. tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
What do these two commands do?
12-03-2009 10:52 PM
Hi,
For your first question, go over this link; all are answered here. It will help you understand the overall concept of IPsec standards:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
As for your question on the transform set, this defines the security protocols, or better said the encryption type, to be used in the tunnel policy.
The interesting traffic is defined by the access-list permitting the traffic.
2. tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
As for your second question, the tunnel-group command alone is used when you want to configure a VPN tunnel, or SSL VPN, or RA VPN, followed by a name you choose to reference it by; in your case the tunnel-group is named 11.11.11.11, followed by the type of VPN, which in your case is an L2L VPN.
Under tunnel-group you have other options, which are general attributes and IPsec attributes, and in each option there are other configuration categories for the tunnel, under tunnel-group
Regards
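
Added example (not part of the thread and not Cisco's own sample): a minimal site-to-site configuration in ASA 8.x-style syntax showing where the commands from the question fit and which piece selects the interesting traffic. The names L2L_TRAFFIC, MYSET and OUTSIDE_MAP, the two subnets, the interface name outside and the pre-shared key placeholder are assumptions; the peer 11.11.11.11 is taken from the question.

```text
! Interesting traffic: only packets matching this ACL are sent into the tunnel.
! Subnets are constructed sample values (local 10.1.1.0/24, remote 10.2.2.0/24).
access-list L2L_TRAFFIC extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

! Transform set: how matched packets are protected inside the IPsec tunnel.
!   esp-aes      = ESP encryption with AES (confidentiality)
!   esp-sha-hmac = ESP integrity/authentication with HMAC-SHA
! It does not select traffic; it only names the protection to apply.
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac

! Crypto map entry: ties the ACL, the peer and the transform set together,
! then is applied to the interface facing the peer.
crypto map OUTSIDE_MAP 10 match address L2L_TRAFFIC
crypto map OUTSIDE_MAP 10 set peer 11.11.11.11
crypto map OUTSIDE_MAP 10 set transform-set MYSET
crypto map OUTSIDE_MAP interface outside

! IKE phase 1 policy used to negotiate keys with the peer.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400

! Tunnel group: the per-peer connection record. For a LAN-to-LAN tunnel it is
! named after the peer address; "type ipsec-l2l" marks it as site-to-site, and
! "ipsec-attributes" opens the sub-mode holding the peer authentication settings.
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key <PLACEHOLDER_SHARED_SECRET>
```

The remote peer needs a mirrored ACL and a transform set and IKE policy that match these, otherwise negotiation fails.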