09-05-2007 04:40 AM - edited 03-09-2019 06:45 PM
hi all,
I would like to know what is requirement of configuring transform-set?
while creating isakmp policy we had already defined confidentiality, integrity and authetication
then we also define in crypto maps.
thanking you,
prashanth.
09-05-2007 10:26 AM
Hi Prashanth
An IPSEC tunnel is formed in two phases.
1) Phase 1 deals with the establishement of a secure tunnel between the 2 VPN peers. In this phase keys are created and exchanged.
2) Phase 2 deals with the establisement of the actual tunnel (SA - security association) that transmits the data.
Think of this way. In order to setup secure tunnels for data transfer (Phase 2) you need to have a secure communication already established between the peers (Phase 1).
The two phases can use totally different encryption and authentication algorithms so you need to define both sets in your configuration.
Phase 1 = isakmp settings
Phase 2 = transform-set/crypto map settings.
HTH
Jon
09-08-2007 05:50 AM
hi jon,
Thanks alot for feedback. it has solve lot of confusion.
i would like some troubleshoot commands for verifying phase1 and phase2 process.
and which part you need to stress in output.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: