routeprotocol.com

IPSec Transform Sets

In IPSec, a transform set is a combination of security protocols and algorithms.

During the IPSec security association negotiation, peers will agree to use a particular transform set for protecting data flows.

Once the peers agree on a transform set, it is applied to the security association on both peers.

Authentication Header Transform Sets

Authentication Header (AH) provides no encryption capabilities, so it is not recommended.

ah-md5-hmac – Authentication header with the MD5 authentication algorithm

ah-sha-hmac – Authentication header with the SHA authentication algorithm

ah-sha256-hmac – Authentication header with the 256-bit SHA authentication algorithm

ah-sha384-hmac – Authentication header with the 384-bit SHA authentication algorithm

ah-sha512-hmac – Authentication header with the 512-bit SHA authentication algorithm

Encapsulating Security Payload

Encryption Transforms

esp-aes – Encapsulating security payload utilising the 128-bit AES encryption algorithm

esp-gcm – Encapsulating security payload utilising a 128-bit or 256-bit authenticated encryption algorithm (GCM)

esp-gmac – Encapsulating security payload utilising a 128-bit or 256-bit authentication algorithm without encryption

esp-aes 192 – Encapsulating security payload utilising 192-bit AES encryption algorithm

esp-aes 256 – Encapsulating security payload utilising 256-bit AES encryption algorithm

esp-des – Encapsulating security payload utilising DES encryption

esp-3des – Encapsulating security payload utilising triple DES encryption

Authentication Transforms

esp-md5-hmac – Encapsulating security payload utilising the HMAC variant of MD5 authentication algorithm.

esp-sha-hmac – Encapsulating security payload utilising the HMAC variant of the SHA authentication algorithm.

IP Compression Transform

comp-lzs – IP compression algorithm with Lempel-Ziv-Stac (LZS) algorithm
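
The following Python script is an added example, not code from the original post: it reads Cisco IOS `crypto ipsec transform-set` lines, groups each keyword using the categories listed above, and flags sets that provide no encryption or no authentication. The sample configuration and its set names are constructed, and reporting DES, 3DES and MD5 transforms as legacy is an assumption added here.

```python
import re

# Transform keywords, grouped as on this page.
AH = {f"ah-{h}-hmac" for h in ("md5", "sha", "sha256", "sha384", "sha512")}
ESP_ENC = {"esp-aes", "esp-des", "esp-3des"}
ESP_AEAD = {"esp-gcm"}  # encrypts and authenticates
ESP_AUTH = {"esp-md5-hmac", "esp-sha-hmac", "esp-gmac"}  # esp-gmac: no encryption
COMP = {"comp-lzs"}
# Assumption added here, not from the page: DES/3DES/MD5 reported as legacy.
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
LINE = re.compile(r"^\s*crypto ipsec transform-set (\S+) (.+)$")

def parse(config):
    """Map each set name to its transforms, folding a key size into its keyword."""
    sets = {}
    for line in config.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        transforms = []
        for tok in m.group(2).split():
            if tok.isdigit() and transforms:
                transforms[-1] += " " + tok  # 'esp-aes' + '256' -> 'esp-aes 256'
            else:
                transforms.append(tok)
        sets[m.group(1)] = transforms
    return sets

def audit(transforms):
    """Return findings for one transform set; an empty list means none."""
    names = {t.split()[0] for t in transforms}
    findings = []
    if not names & (ESP_ENC | ESP_AEAD):
        findings.append("no-encryption")      # AH-only or esp-gmac-only
    if not names & (AH | ESP_AUTH | ESP_AEAD):
        findings.append("no-authentication")  # e.g. esp-aes on its own
    findings += ["legacy:" + n for n in sorted(names & LEGACY)]
    known = AH | ESP_ENC | ESP_AEAD | ESP_AUTH | COMP
    return findings + ["unknown:" + n for n in sorted(names - known)]

# Constructed sample configuration; the set names are made up.
SAMPLE = """\
crypto ipsec transform-set TS-AH ah-sha256-hmac
crypto ipsec transform-set TS-OLD esp-3des esp-md5-hmac
crypto ipsec transform-set TS-GMAC esp-gmac 256
crypto ipsec transform-set TS-OK esp-aes 256 esp-sha-hmac comp-lzs
"""
if __name__ == "__main__":
    for name, ts in parse(SAMPLE).items():
        print(name, ts, audit(ts) or "ok")
```

Keywords that are not listed on this page are reported as `unknown:` rather than silently accepted.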

