Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

basic question

hi all,

I would like to know what is requirement of configuring transform-set?

while creating isakmp policy we had already defined confidentiality, integrity and authetication

then we also define in crypto maps.

thanking you,

prashanth.

2 REPLIES
Hall of Fame Super Blue

Re: basic question

Hi Prashanth

An IPSEC tunnel is formed in two phases.

1) Phase 1 deals with the establishement of a secure tunnel between the 2 VPN peers. In this phase keys are created and exchanged.

2) Phase 2 deals with the establisement of the actual tunnel (SA - security association) that transmits the data.

Think of this way. In order to setup secure tunnels for data transfer (Phase 2) you need to have a secure communication already established between the peers (Phase 1).

The two phases can use totally different encryption and authentication algorithms so you need to define both sets in your configuration.

Phase 1 = isakmp settings

Phase 2 = transform-set/crypto map settings.

HTH

Jon

New Member

Re: basic question

hi jon,

Thanks alot for feedback. it has solve lot of confusion.

i would like some troubleshoot commands for verifying phase1 and phase2 process.

and which part you need to stress in output.

194
Views
0
Helpful
2
Replies