cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
306
Views
0
Helpful
2
Replies

basic question

bethamprashanth
Level 1
Level 1

hi all,

I would like to know what is requirement of configuring transform-set?

while creating isakmp policy we had already defined confidentiality, integrity and authetication

then we also define in crypto maps.

thanking you,

prashanth.

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Hi Prashanth

An IPSEC tunnel is formed in two phases.

1) Phase 1 deals with the establishement of a secure tunnel between the 2 VPN peers. In this phase keys are created and exchanged.

2) Phase 2 deals with the establisement of the actual tunnel (SA - security association) that transmits the data.

Think of this way. In order to setup secure tunnels for data transfer (Phase 2) you need to have a secure communication already established between the peers (Phase 1).

The two phases can use totally different encryption and authentication algorithms so you need to define both sets in your configuration.

Phase 1 = isakmp settings

Phase 2 = transform-set/crypto map settings.

HTH

Jon

hi jon,

Thanks alot for feedback. it has solve lot of confusion.

i would like some troubleshoot commands for verifying phase1 and phase2 process.

and which part you need to stress in output.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: