Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
25-28
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding IPsec Proposals
ESP Encryption The Encapsulating Security Protocol (ESP) encryption algorithm that
the transform set should use. For more information on the following
options, see Deciding Which Encryption Algorithm to Use, page 25-6.
For IKEv1, select one of the following options. For IKEv2, click Select
to open a dialog box where you can select all of the options you want
to support:
Note AES-GCM/GMAC can only be configured on 5580 and newer
ASA platforms.
(Blank)—Do not use ESP encryption.
DES—Encrypts according to the Data Encryption Standard using
56-bit keys.
3DES—Encrypts three times using 56-bit keys. 3DES is more
secure than DES, but requires more processing for encryption and
decryption. It is less secure than AES. A 3DES license is required
to use this option.
AES-128 (AES)—Encrypts according to the Advanced Encryption
Standard using 128-bit keys.
AES-192—Encrypts according to the Advanced Encryption
Standard using 192-bit keys.
AES-256—Encrypts according to the Advanced Encryption
Standard using 256-bit keys.
ESP-Null (NULL)—A null encryption algorithm. Transform sets
defined with ESP-Null provide authentication without encryption;
this is typically used for testing purposes only.
AES-GCM (IKEv2 only)—Encrypts according to the Advanced
Encryption Standard in Galois/Counter Mode using 128-bit keys.
(ASA 9.0.1+ devices only).
AES-GCM-192 (IKEv2 only)—Encrypts according to the
Advanced Encryption Standard in Galois/Counter Mode using
192-bit keys. (ASA 9.0.1+ devices only).
AES-GCM-256 (IKEv2 only)—Encrypts according to the
Advanced Encryption Standard in Galois/Counter Mode using
256-bit keys. (ASA 9.0.1+ devices only).
AES-GMAC (IKEv2 only)—Encrypts according to the Advanced
Encryption Standard Galois Message Authentication Codeusing
128-bit keys.
AES-GMAC-192 (IKEv2 only)—Encrypts according to the
Advanced Encryption Standard Galois Message Authentication
Codeusing 192-bit keys.
AES-GMAC-256 (IKEv2 only)—Encrypts according to the
Advanced Encryption Standard Galois Message Authentication
Code using 256-bit keys.
Table 25-4 IPSec IKEv1 or IKEv2 Transform Set Dialog Box (Continued)
Element Description