Cisco 7100 Series Spezifikationen PDF herunterladen (Seite 86)

Step 2—Configuring Encryption and an IPSec Tunnel

Cisco 7100 Series VPN Configuration Guide

4-14

Note AH and ESP can be used independently or together, although for most applications

just one of them is sufﬁcient. For both of these protocols, IPSec does not deﬁne the speciﬁc

security algorithms to use, but rather, provides an open framework for implementing

industry-standard algorithms.

hq-sanjose(cfg-crypto-trans)# mode

tunnel

Change the mode associated with the transform set.

The mode setting is only applicable to trafﬁc whose

source and destination addresses are the IPSec peer

addresses; it is ignored for all other trafﬁc. (All other

trafﬁc is in tunnel mode only.) This example

conﬁgures tunnel mode for the transport set proposal4,

which creates an IPSec tunnel between the IPSec peer

addresses.

hq-sanjose(cfg-crypto-trans)# exit

hq-sanjose(config)#

Exit back to global conﬁguration mode.

1 AH = authentication header. This header, when added to an IP datagram, ensures the integrity and authenticity of the data, including

the invariant fields in the outer IP header. It does not provide confidentiality protection. AH uses a keyed-hash function rather than

digital signatures.

2 ESP = encapsulating security payload. This header, when added to an IP datagram, protects the confidentiality, integrity, and

authenticity of the data. If ESP is used to validate data integrity, it does not include the invariant fields in the IP header.

Step Command Purpose

1 2 ... 81 82 83 84 85 86 87 88 89 90 91 ... 111 112

Keine Kommentare

Cisco 7100 Series Spezifikationen Seite 86