PIX-Supported IPSec Transforms
Transform Description
ah-md5-hmac AH-MD5-HMAC transform used for authentication
ah-sha-hmac AH-SHA-HMAC transform used for authentication
esp-null ESP transform that does not provide any encryption
esp-des ESP transform using DES encryption (56-bit)
esp-3des ESP transform using 3DES encryption (168-bit)
esp-aes ESP transform using AES encryption (128-bit)
esp-aes-192 ESP transform using AES-192 encryption (192-bit)
esp-aes-256 ESP transform using AES-256 encryption (256-bit)
esp-md5-hmac ESP transform with HMAC-MD5 authentication, used with either ESP-DES
or ESP-3DES to provide additional integrity of ESP packets
esp-sha-hmac ESP transform with HMAC-SHA authentication, used with either ESP-DES
or ESP-3DES to provide additional integrity of ESP packets
NOTE hmac represents Keyed-Hashing for Message Authentication and is outlined in
RFC 2104.
The syntax for the transform-set command is as follows:
crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
Example 13-2 shows the current ISAKMP policy configuration with the access list and
transform set defined.