Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN transform set and isakmp policy

I am trying to move a VPN 3005 config to a router and I ma wondering about arriving at the Transform set and ISAKMP policy.

I do not undersand how they are set.

Do they have to match?

For example, if I know the policy is:

crypto isakmp policy 10

encryption 3des

hash sha

authentication preshare group 2

How do I know what transform set to use?

Will this one work?

crypto ipsec transform-set Gold esp-des esp-sha-hmac

2 REPLIES

Re: VPN transform set and isakmp policy

Hi

The parameters should be the same on both the devices so that you can have the tunnel established.

for config reference do check this link..

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml

regds

Gold

Re: VPN transform set and isakmp policy

No problem

transform set and isakmp policy are two different things

ISAKMP policy is used for IPSEC phase I. negotation

after successful phase I. it goes to phase II. a this is defined by trasform-set ... So there is no relation between policy and transform set. So your configuration is workin

Only isakmp policy must be same on both IPSEC peers and transform set parametrs must be same on both IPSEC peers

M.

Hope that helps rate if it does

129
Views
0
Helpful
2
Replies
CreatePlease to create content