Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
2
Replies

VPN transform set and isakmp policy

richmorrow624
Level 1
Level 1

‎07-26-2006 05:19 PM - edited ‎02-21-2020 02:33 PM

I am trying to move a VPN 3005 config to a router and I ma wondering about arriving at the Transform set and ISAKMP policy.

I do not undersand how they are set.

Do they have to match?

For example, if I know the policy is:

crypto isakmp policy 10

encryption 3des

hash sha

authentication preshare group 2

How do I know what transform set to use?

Will this one work?

crypto ipsec transform-set Gold esp-des esp-sha-hmac

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎07-26-2006 10:41 PM

Hi

The parameters should be the same on both the devices so that you can have the tunnel established.

for config reference do check this link..

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml

regds

0 Helpful

m.sir
Level 7
Level 7

‎07-26-2006 10:43 PM

No problem

transform set and isakmp policy are two different things

ISAKMP policy is used for IPSEC phase I. negotation

after successful phase I. it goes to phase II. a this is defined by trasform-set ... So there is no relation between policy and transform set. So your configuration is workin

Only isakmp policy must be same on both IPSEC peers and transform set parametrs must be same on both IPSEC peers

M.

Hope that helps rate if it does

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents