crypto ipsec transform-set

Last Updated: Feb 29, 2024

Enters the IKE phase 2 (IPSec) transform-set context and creates or edits IPSec parameters for the VPN tunnel. Use no crypto ipsec transform-set to delete IKE phase 2 (IPSec) parameters for the VPN tunnel.

Syntax

[no] crypto ipsec transform-set name {esp-aes | esp-aes-192 | esp-aes-256 | esp-null} [{esp-md5-hmac | esp-sha-hmac}] [comp-lzs]

Note:

If you want to enable authentication only, enter the esp-null parameter.

Parameters

| Parameter | Description | Possible Values | Default Value |
|---|---|---|---|
| name | The transform-set name | 1-32 characters, no spaces | |
| esp-aes | Keyword specifying the following encryption type: Encapsulation Security Protocol and Advanced Encryption Standard using a 128-bit key | | |
| esp-aes-192 | Keyword specifying the following encryption type: Encapsulation Security Protocol and Advanced Encryption Standard using a 192-bit key | | |
| esp-aes-256 | Keyword specifying the following encryption type: Encapsulation Security Protocol and Advanced Encryption Standard using a 256-bit key | | |
| esp-null | Keyword specifying the following encryption type: Encapsulation Security Protocol without encryption. This option is intended for lab testing. | | |
| esp-md5-hmac | Keyword specifying the following authentication type: Encapsulation Security Protocol, MD5 hashing and keyed-hash MAC | | |
| esp-sha-hmac | Keyword specifying the following authentication type: Encapsulation Security Protocol, secure hash algorithm and keyed-hash MAC | | |
| comp-lzs | Keyword specifying IP compression with the LZS algorithm | | |

User level

read-write

Context

general

Examples

To configure an IPSec transform set with encryption and authentication:

Gxxx-001(super)# crypto ipsec transform-set ts2 esp-aes esp-md5-hmac
Gxxx-001(config-transform:ts2)#

To configure an IPSec transform set with encryption, authentication and IP compression:

Gxxx-001(super)# crypto ipsec transform-set ts6 esp-aes esp-md5-hmac comp-lzs
Gxxx-001(config-transform:ts6)#

To configure an IPSec transform set with authentication only:

Gxxx-001(super)# crypto ipsec transform-set ts3 esp-null esp-md5-hmac
Gxxx-001(config-transform:ts3)#

To enter the crypto IPSec transform-set context:

Gxxx-001(super)# crypto ipsec transform-set ts1
Gxxx-001(config-transform:ts1)#
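
To audit saved configurations against the syntax on this page, the following added example (not part of the original page or of any vendor tooling) parses crypto ipsec transform-set lines and flags undocumented keywords and esp-null use. The function names and the sample configuration are constructed for illustration.

```python
import re

# Keyword sets copied from the Syntax line on this page.
ENCRYPTION = {"esp-aes", "esp-aes-192", "esp-aes-256", "esp-null"}
AUTHENTICATION = {"esp-md5-hmac", "esp-sha-hmac"}
PREFIX = re.compile(r"^(?:\S+#\s*)?(no\s+)?crypto\s+ipsec\s+transform-set(?:\s+(.*))?$")

def audit_line(line):
    """Return the findings for one CLI line; an empty list means nothing to report."""
    m = PREFIX.match(line.strip())
    if not m:
        return []  # not a transform-set command
    tokens = (m.group(2) or "").split()
    if not tokens:
        return ["missing transform-set name"]
    name, rest = tokens[0], tokens[1:]
    findings = [f"name '{name}' exceeds 32 characters"] if len(name) > 32 else []
    if m.group(1) or not rest:
        return findings  # 'no ...' deletes; a bare name only enters the context
    enc = rest.pop(0)
    if enc not in ENCRYPTION:
        return findings + [f"'{enc}' is not a documented encryption keyword"]
    auth = rest.pop(0) if rest and rest[0] in AUTHENTICATION else None
    rest = rest[1:] if rest[:1] == ["comp-lzs"] else rest
    if rest:
        findings.append(f"unexpected trailing tokens: {' '.join(rest)}")
    if enc == "esp-null":
        findings.append("esp-null: no encryption (documented as intended for lab testing)")
        if auth is None:
            findings.append("esp-null without authentication: neither encryption nor authentication")
    return findings

def audit_config(text):
    """Map each flagged line number (1-based) to its list of findings."""
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l))}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
crypto ipsec transform-set ts-prod esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ts-lab esp-null esp-md5-hmac
crypto ipsec transform-set ts-old esp-des esp-md5-hmac
crypto ipsec transform-set ts-bare esp-null
crypto ipsec transform-set ts1
no crypto ipsec transform-set ts-old
"""

if __name__ == "__main__":
    for n, found in audit_config(SAMPLE).items():
        print(f"line {n}: " + "; ".join(found))
```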