Cisco Systems CL-28826-01 Security Camera User Manual


25-26
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding IPsec Proposals
• Authentication Header (AH)—Provides authentication and anti-replay services. AH does not
provide encryption and has largely been superseded by ESP. AH is supported on routers only. AH
is IP protocol type 51.
Note: We recommend using both encryption and authentication on IPsec tunnels.
There are separate IPsec transform set objects based on the IKE version, IKEv1 or IKEv2:
• When you create an IPSec IKEv1 transform set object, you select the mode in which IPsec should
operate, and you define the required encryption and authentication types. You can also
select whether to include compression in the transform set. You can select only a single option for
each algorithm, so if you want to support multiple combinations in a VPN, you must create multiple
IPSec IKEv1 transform set objects.
• When you create an IPSec IKEv2 transform set object, you can select all of the encryption and hash
algorithms that you will allow in a VPN. During IKEv2 negotiations, the peers select the most
appropriate options that each supports.
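The difference between the two object types can be sketched in a few lines. This is an added example, not code from Cisco or from Security Manager: the algorithm names, the strongest-first preference order, and all function names are constructed for illustration, and "most appropriate" is assumed here to mean the strongest algorithm both peers allow.

```python
from itertools import product

# Constructed preference lists, strongest first (an assumption of this example;
# the guide only says the peers pick "the most appropriate options").
ENC_PREF = ["aes-256", "aes-192", "aes", "3des", "des"]
HASH_PREF = ["sha-512", "sha-256", "sha-1", "md5"]


def ikev1_sets_needed(encryption, hashes):
    """An IKEv1 transform set holds one encryption and one hash algorithm,
    so each allowed combination needs its own object."""
    return sorted(product(encryption, hashes),
                  key=lambda p: (ENC_PREF.index(p[0]), HASH_PREF.index(p[1])))


def ikev2_negotiate(local, remote):
    """An IKEv2 transform set lists every allowed algorithm; pick the
    strongest of each type that both peers allow, or None if none overlap."""
    def pick(pref, a, b):
        common = set(a) & set(b)
        return next((alg for alg in pref if alg in common), None)

    enc = pick(ENC_PREF, local["encryption"], remote["encryption"])
    integ = pick(HASH_PREF, local["hash"], remote["hash"])
    return None if enc is None or integ is None else (enc, integ)


def lint(name, encryption, hashes):
    """Flag a transform set that does not follow the note above:
    use both encryption and authentication on IPsec tunnels."""
    findings = []
    if not [e for e in encryption if e != "null"]:
        findings.append(f"{name}: no encryption (AH-only or null cipher)")
    if not hashes:
        findings.append(f"{name}: no authentication")
    return findings


if __name__ == "__main__":
    # Constructed sample policy: two ciphers and two hashes allowed in the VPN.
    hub = {"encryption": ["aes-256", "aes"], "hash": ["sha-256", "sha-1"]}
    spoke = {"encryption": ["aes", "3des"], "hash": ["sha-1", "sha-256"]}
    print("IKEv1 objects:", ikev1_sets_needed(hub["encryption"], hub["hash"]))
    print("IKEv2 result :", ikev2_negotiate(hub, spoke))
    print("Lint         :", lint("ah-only", [], ["sha-1"]))
```
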
Navigation Path
Select Manage > Policy Objects, then select IPSec Transform Sets > IPSec IKEv1 Transform Sets
or IPSec Transform Sets > IPSec IKEv2 Transform Sets from the Object Type Selector. Right-click
inside the work area and select New Object or right-click a row and select Edit Object.
Related Topics
Understanding Transform Sets, page 25-19
Overview of IKE and IPsec Configurations, page 25-2
Comparing IKE Version 1 and 2, page 25-4
Understanding IKE, page 25-5
Understanding IPsec Proposals, page 25-17
IPsec Proposal Editor (ASA, PIX 7.0+ Devices), page 30-33
IPsec Proposal Editor (IOS, PIX 6.3 Devices), page 32-4
Configuring an IPsec Proposal on a Remote Access VPN Server (ASA, PIX 7.0+ Devices), page 30-33
Configuring an IPsec Proposal on a Remote Access VPN Server (IOS, PIX 6.3 Devices), page 32-3
Configuring IPsec Proposals in Site-to-Site VPNs, page 25-21
Configuring an IPsec Proposal for Easy VPN, page 27-10
Configuring IKEv1 Proposal Policy Objects, page 25-10
Creating Policy Objects, page 6-9
Policy Object Manager, page 6-4
Field Reference
Table 25-4 IPSec IKEv1 or IKEv2 Transform Set Dialog Box

Element    Description
Name       The name of the policy object. A maximum of 128 characters is allowed.