07-26-2006 05:19 PM - edited 02-21-2020 02:33 PM
I am trying to move a VPN 3005 config to a router and I ma wondering about arriving at the Transform set and ISAKMP policy.
I do not undersand how they are set.
Do they have to match?
For example, if I know the policy is:
crypto isakmp policy 10
encryption 3des
hash sha
authentication preshare group 2
How do I know what transform set to use?
Will this one work?
crypto ipsec transform-set Gold esp-des esp-sha-hmac
07-26-2006 10:41 PM
Hi
The parameters should be the same on both the devices so that you can have the tunnel established.
for config reference do check this link..
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml
regds
07-26-2006 10:43 PM
No problem
transform set and isakmp policy are two different things
ISAKMP policy is used for IPSEC phase I. negotation
after successful phase I. it goes to phase II. a this is defined by trasform-set ... So there is no relation between policy and transform set. So your configuration is workin
Only isakmp policy must be same on both IPSEC peers and transform set parametrs must be same on both IPSEC peers
M.
Hope that helps rate if it does
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: