Cisco Support Community
Disabling ESP authentication

I have this IPsec configuration on one of my routers

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address xx.xx.xx.xx
!
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto map MAP1 10 ipsec-isakmp
 set peer yy.yy.yy.yy
 set transform-set test1
 match address test

I want to disable the ESP authentication due to a bug. How do I do that? Do I have to do it on the routers in my network? What is the impact of disabling the ESP authentication?

Thanks in advance.

2 REPLIES

Re: Disabling ESP authentication

Friend,

Use AH instead of ESP and check.

HTH

Narayan

Re: Disabling ESP authentication

Dear Ahmede,

I believe you modified the configuration while pasting it.

Please note that the transform set called in the configuration is test1, however the only transform set created is test.

Can you please share the debug log?

Also:

In case you have to change the authentication to AH mode, you must do it on both of the IPsec peering routers.

Caution:

1> ACL must be mirror image at both ends

2> Crypto Policy and Key must be same

3> Crypto transform set must be identical

Regarding the impact of disabling ESP:

Please note that ESP is the more preferred security protocol for IPsec, as it provides confidentiality (encryption) along with optional data authentication.

The impact in general would be that secure traffic will not be encrypted while travelling between peers. Rest assured, the services will run fine with AH (assuming no new bug is bugging the routers :)) )

Please share your experience.

Regards,

Prince
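
The mismatch pointed out above (the crypto map calls test1, but only test is defined) can be checked mechanically before a change is pushed to both peers. The following is an added example, not part of the original thread or of any Cisco tool: a Python check over IOS-style configuration text, using the configuration from the question as constructed sample input. The function names and finding labels are hypothetical. It also reports transform sets with no integrity transform, which is what removing esp-sha-hmac would leave.

```python
import re

# Constructed sample: the configuration as posted in the question.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto map MAP1 10 ipsec-isakmp
 set peer yy.yy.yy.yy
 set transform-set test1
 match address test
"""

TS_DEF = re.compile(r"crypto ipsec transform-set (\S+) (.+)")
MAP_HDR = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp")
TS_REF = re.compile(r"set transform-set (.+)")


def has_integrity(transforms):
    # Assumption: HMAC transforms end in "-hmac"; GCM/GMAC are combined-mode.
    return any(t.endswith("-hmac") or "gcm" in t or "gmac" in t for t in transforms)


def audit_ipsec(config):
    """Return (kind, where, name) findings for transform-set problems."""
    defined, references, current_map = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := TS_DEF.fullmatch(line):
            defined[m.group(1)] = m.group(2).split()
            current_map = None
        elif m := MAP_HDR.match(line):
            current_map = f"{m.group(1)} {m.group(2)}"
        elif (m := TS_REF.fullmatch(line)) and current_map:
            # A crypto map entry may list several transform sets in order.
            references += [(current_map, name) for name in m.group(1).split()]
    findings = [("undefined-transform-set", where, name)
                for where, name in references if name not in defined]
    findings += [("no-integrity", "transform-set", name)
                 for name, transforms in defined.items()
                 if not has_integrity(transforms)]
    return findings


if __name__ == "__main__":
    for finding in audit_ipsec(SAMPLE_CONFIG):
        print(finding)
```

Running the same check against the configuration of each peer and comparing the transform lists covers the "transform set must be identical" caution as well.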
