Cisco Support Community

New Member

IPSEC without encryption

Because of local laws, we are forced to set up a VPN site-to-site Internet tunnel without encryption. The question is: is it possible to configure IPSEC without encryption? If yes, which changes should I apply to the standard IPSEC configuration?

3 REPLIES
Cisco Employee

Re: IPSEC without encryption

You can indeed use IPsec without encryption. Just use authentication. You need to configure your IPsec transform set something like this:

crypto ipsec transform-set ts ah-md5-hmac

or

crypto ipsec transform-set ts ah-sha-hmac

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
New Member

Re: IPSEC without encryption

There is also the following:

esp-null ESP transform w/o cipher

You can add this to your transform-set.

New Member

Re: IPSEC without encryption

I suggest you just use GRE Tunneling and Authentication Header (AH) with Transport Mode.

Protect the GRE Tunnel Endpoints with AH

You can make sure that Data Traffic is not tampered with along the way (it is checksummed with MD5). But Encryption does not take place.

This design is more modular, as you can take the IPSec config away and your GRE will still work, if you ever wish to migrate to ESP (with DES or 3DES encryption).
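
The GRE tunnel protected by AH in transport mode, as described in the last reply, written out as a Cisco IOS configuration for one endpoint. This is an added example, not configuration posted by anyone in the thread; the addresses, interface names, ACL number, map and transform-set names, and the pre-shared key are constructed placeholders, and the mirror-image configuration is assumed on the peer.

```cisco
! Constructed example: local endpoint 192.0.2.1, remote endpoint 198.51.100.1
!
! IKE phase 1: protects the key negotiation only, not the tunnelled data
crypto isakmp policy 10
 authentication pre-share
 hash sha
 group 2
crypto isakmp key EXAMPLE-PLACEHOLDER-KEY address 198.51.100.1
!
! AH only: integrity and origin authentication, no ESP cipher.
! Transport mode is enough because GRE already supplies the outer header.
crypto ipsec transform-set AH-ONLY ah-sha-hmac
 mode transport
!
! Protect only the GRE packets exchanged between the two tunnel endpoints
access-list 101 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map GRE-AH 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set AH-ONLY
 match address 101
!
! The GRE tunnel itself carries no IPsec configuration, so it keeps
! working if the crypto map is removed or later changed to an ESP transform
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! Apply the crypto map on the physical interface facing the peer
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map GRE-AH
```

Once traffic flows, `show crypto ipsec sa` should list inbound and outbound AH security associations and no ESP ones. AH authenticates the outer IP header, so this design does not survive address translation between the two endpoints.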
