Configuring an IPsec Transform Set
An IPsec transform set defines how VPN data will be protected by specifying
the IPsec protocols that will be used. You can specify up to four transforms
and the algorithm to use with each. You can also configure either Tunnel or
Transport mode (Tunnel is default). Transforms include combinations of the
following:
■ AH with either MD5 or SHA-1
■ ESP encryption using DES, 3DES, AES, or others
■ ESP authentication using MD5 or SHA-1
■ Compression using the Lempel-Ziv-Stac (LZS) algorithm
The following example shows a transform set with ESP encryption and
authentication. Note that these commands are all given as part of the same
command:
IPSEC_RTR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
IPSEC_RTR(config)#crypto ipsec transform-set TRANSFORM1 esp-aes
192 esp-md5-hmac