Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how config VPN without encryption ?!

Hi all,

Friends, I going to use two VPN connection between Cisco ASA's. One for data traffic (VPN encryption connections) and second for video traffic (NOT encryption VPN connection) ... I know how config VPN using ASDM. but i do not know how config VPN without encryption... ;)

3 ACCEPTED SOLUTIONS

Accepted Solutions

Re: how config VPN without encryption ?!

You can achive this by using the following (If I understand your requirements correctly):

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2064589

crypto ipsec transform-set transform-set-name esp-null esp-sha-hmac

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

Hello,

Like Farrukh has suggested you change the IKE parameters for your second tunnel where the video traffic go through by editing the IKE policy and choosing ESP-NULL as encryption algorithm.

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_ike.html

Hope this helps

Re: how config VPN without encryption ?!

The first solution I gave you (esp-null) is exactly that! "VPN without enryption."

Just try it out and it will help to understand things better.

What is the reason for such a configuration btw, maybe I can suggest something else?

Regards

Farrukh

18 REPLIES

Re: how config VPN without encryption ?!

You can achive this by using the following (If I understand your requirements correctly):

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2064589

crypto ipsec transform-set transform-set-name esp-null esp-sha-hmac

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

I want NOT encrypt video traffic... I mean that to config VPN site-to-site connection for video traffic between ASA's NOT to be encrypted. I using ASDM and i can configure site-to-site VPN. But how config VPN site-to-site NOT to be encrypted i don not know that... ? It will be better to give me advice how to config it with ASDM (of course if it's possible)... I hope u understand what i want.

Great thanks for helping. its very kind from UR side.

Regards

P.S. sorry for my poor English.

Re: how config VPN without encryption ?!

Oh ok, do to this you need to know the ports of the Video traffic, then you can deny them at the start of your Crypto Access-list.

! just an example

access-list cryptoacl deny udp subnet1 mask subnet2 mask eq 17244

access-list cryptoacl permit ip subnet1 mask subnet2

Note: The concept is similar, just do it in ASDM :)

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

Farrukh,

Great Thanks,But i meant other thing. I just wanted to know, how to configure VPN connection WITHOUT encryption. I want to put video traffc through VPN which will NOT BE ENCRYPTED. I intrested in how to config VPN without enryption. :(((

Need UR help.

New Member

Re: how config VPN without encryption ?!

Hello,

Like Farrukh has suggested you change the IKE parameters for your second tunnel where the video traffic go through by editing the IKE policy and choosing ESP-NULL as encryption algorithm.

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_ike.html

Hope this helps

New Member

Re: how config VPN without encryption ?!

Hello,

Like Farrukh has suggested you change the IKE parameters for your second tunnel where the video traffic go through by editing the IKE policy and choosing ESP-NULL as encryption algorithm.

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_ike.html

Hope this helps

Re: how config VPN without encryption ?!

The first solution I gave you (esp-null) is exactly that! "VPN without enryption."

Just try it out and it will help to understand things better.

What is the reason for such a configuration btw, maybe I can suggest something else?

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

Hello,

Just to for sharing an idea, another way to do it is to use AH instead of ESP whereas your two peer are ASA so support AH and you don't use PFS.

Regards

New Member

Re: how config VPN without encryption ?!

Good Morning Farrukh, Its very kind from ur side to help me and give advice... Great thanks once more... :)))

Thanks evreyone who reply me :))))

Re: how config VPN without encryption ?!

Regarding the AH suggestion, its not supported on the ASA 7.x AFAIK.

I'm glad we could help. Please rate helpful posts.

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

Farrukh, good morning.

I wanna ask one more question... :) as you know I going to configuring VPN without encryption (using ASDM) and intrested in if i did right ... ?

In the 4 step configuriong site-to-site VPN (using ASDM):

IPsec Encryption and Authentication.

Encryption - 3DES

Authenticatoin - NONE

I did everything right ? :)

Re: how config VPN without encryption ?!

No you have set the encryption to 3DES and authentication to none. You have to selected NULL In encryption, IF this is supported on ASDM.

Regards

Farrukh

New Member

Re: how config VPN without encryption ?!

I have never config VPN with comand line. Farrukh, can U share me a link where can i config and resolve my task... Great thanks in advande :)))

New Member

Re: how config VPN without encryption ?!

Hello,

I hpe this one could help

New Member

Re: how config VPN without encryption ?!

Re: how config VPN without encryption ?!

New Member

Re: how config VPN without encryption ?!

New Member

Re: how config VPN without encryption ?!

Great thanks ... Y all help me very much ... Thanks :))

Problem is resovled.

Topic is closed.

2921
Views
4
Helpful
18
Replies