Cisco Systems C819GUK9 Router User Manual


 
Cisco 819 Series Integrated Services Routers Software Configuration Guide
OL-23590-02
Chapter 9 Configuring Security Features
Configuring VPN
Configure IPSec Transforms and Protocols
A transform set represents a certain combination of security protocols and algorithms. During IKE
negotiation, the peers agree to use a particular transform set for protecting data flow.
During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at
both peers. When a transform set that contains such a transform is found, it is selected and applied to the
protected traffic as a part of both peers’ configurations.
To specify the IPSec transform set and protocols, perform these steps, beginning in global configuration
mode:
SUMMARY STEPS
1. crypto ipsec profile profile-name
2. crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
3. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
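
As an added example (not part of the Cisco guide), the following Python script audits a saved configuration for the transform-set and lifetime commands listed in the steps above. The set of transforms treated as legacy, the 28800-second lifetime ceiling, and the sample configuration are assumptions of the example.

```python
import re

# Constructed running-config excerpt: vpn1 and the lifetime line mirror the
# manual's examples; vpn2, lab and bare are made up for illustration.
SAMPLE_CONFIG = """\
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set vpn2 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set lab esp-null esp-md5-hmac
crypto ipsec transform-set bare esp-aes
crypto ipsec security-association lifetime seconds 86400
"""

# Assumed review policy (not from the manual): transforms flagged as legacy.
LEGACY = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}

TS_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
LIFE_RE = re.compile(r"^crypto ipsec security-association lifetime seconds (\d+)$")


def audit_ipsec(config, max_lifetime_seconds=28800):
    """Return (item, finding) tuples for an IOS configuration string.

    max_lifetime_seconds is a hypothetical local policy ceiling.
    """
    findings = []
    for raw in config.splitlines():
        line = raw.rstrip()  # sub-commands keep their leading space and are skipped
        ts = TS_RE.match(line)
        if ts:
            name, rest = ts.groups()
            # Key sizes such as the 256 in "esp-aes 256" are arguments, not transforms.
            transforms = [t for t in rest.split() if not t.isdigit()]
            weak = sorted(set(transforms) & LEGACY)
            if weak:
                findings.append((name, "legacy transform(s): " + ", ".join(weak)))
            # Integrity comes from an HMAC transform or an AEAD one (esp-gcm, esp-gmac).
            if not any(t.endswith("-hmac") or t in ("esp-gcm", "esp-gmac") for t in transforms):
                findings.append((name, "no integrity transform"))
        life = LIFE_RE.match(line)
        if life and int(life.group(1)) > max_lifetime_seconds:
            findings.append(("sa-lifetime", life.group(1) + " s exceeds policy ceiling"))
    return findings


if __name__ == "__main__":
    for item, finding in audit_ipsec(SAMPLE_CONFIG):
        print(item + ": " + finding)
```
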
DETAILED STEPS

Step 1
Command or Action: crypto ipsec profile profile-name
Example:
Router(config)# crypto ipsec profile pro1
Router(config)#
Purpose: Configures IPSec profile to apply protection on the tunnel for encryption.

Step 2
Command or Action: crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
Example:
Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
Router(config)#
Purpose: Defines a transform set, an acceptable combination of IPSec security protocols and algorithms. See Secure Connectivity Configuration Guide Library, Cisco IOS Release 12.4T for details about the valid transforms and combinations.

Step 3
Command or Action: crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
Example:
Router(config)# crypto ipsec security-association lifetime seconds 86400
Router(config)#
Purpose: Specifies global lifetime values used when IPSec security associations are negotiated.

Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote
IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
To configure the IPSec crypto method, perform these steps, beginning in global configuration mode: