Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Activatin AH in Cisco VPN Concentrator 3000

I found a strange thing in our VPN concentrator 3000. Under IKe Proposal, I do not find if AH. Only ESP combination what I find. Any idea, how I would be able to activate that AH on my box?

Thanks

Arabinda

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Activatin AH in Cisco VPN Concentrator 3000

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.

Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).

Please rate helpful posts.

Regards

Farrukh

4 REPLIES
Bronze

Re: Activatin AH in Cisco VPN Concentrator 3000

Refer to the "policy management" section of "VPN 3000 Series Concentrator Reference Volume I: Configuration, Release 4.1" present in the following url for more related information:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/polmgt.html

Re: Activatin AH in Cisco VPN Concentrator 3000

Hey why do you want to use AH anyway, its lame :)

Anyway this is from Richard Deal's excellent book "The Complete Cisco VPN Configuration Guide"

"Please note that the concentrator doesn't support AH for L2L sessions, whereas the other VPN gateway products, like Cisco Routers, do." Pg 333

Regards

Farrukh

New Member

Re: Activatin AH in Cisco VPN Concentrator 3000

Hi Farrukh,

We are a offshore development center. Sometimes we need to use those IKE parameters which our client engineers want to. No worries time the client agreed to use ESP, so all set now.

Thank you for the valuable info.

Thanks

Arabinda

Re: Activatin AH in Cisco VPN Concentrator 3000

No problem at all, you should push them to use ESP anyway (even in future) as AH does not offer encryption and is not NAT/PAT aware.

Its only useful for some special purposes now (I think IPV6 OSPF uses it for security purposes).

Please rate helpful posts.

Regards

Farrukh

130
Views
0
Helpful
4
Replies