Reference Guide

Internet Protocol Security (IPSec)
Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and
encrypting all packets in a communication session.
Use IPSec between hosts, between gateways, or between hosts and gateways.
IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.
Transport mode (default): Encrypts only the payload of the packet. The IP header and its routing information are unchanged.
Tunnel mode: Encrypts the entire packet, including the routing information in the IP header. Typically used when
creating virtual private networks (VPNs).
NOTE: Due to performance limitations on the control processor, you cannot enable IPSec on all packets in a communication
session.
IPSec uses the following protocols:
Authentication Header (AH): Connectionless integrity and origin authentication for IP packets
Encapsulating Security Payload (ESP): Confidentiality, authentication, and data integrity for IP packets
Security Associations (SA): The algorithmic parameters (keys, algorithms, SPI) that AH and ESP require
IPSec supports the following authentication and encryption algorithms:
Authentication only:
MD5
SHA1
Encryption only:
3DES
CBC
DES
ESP Authentication and Encryption:
MD5 & 3DES
MD5 & CBC
MD5 & DES
SHA1 & 3DES
SHA1 & CBC
SHA1 & DES
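To make the two operational modes and the ESP authentication option above concrete, here is an added example (not part of the guide and not Dell code) that frames a packet in ESP transport mode and in ESP tunnel mode and verifies the integrity check value on receipt. It assumes ESP with authentication only, i.e. NULL encryption (RFC 2410) so the bytes stay readable, and HMAC-SHA1-96 as the "SHA1" integrity algorithm; the addresses, ports, SPI values and key are constructed sample values, and the TCP segment carries a telnet payload because telnet is the protocol the page configures.

```python
"""ESP framing (RFC 4303) in transport vs tunnel mode, authentication only.

Added illustration, not vendor code. Uses NULL encryption (RFC 2410) and
HMAC-SHA1-96 so the structural difference between the modes is visible.
All addresses, ports, SPIs and the key are constructed sample values.
"""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50   # outer IP protocol number for ESP
TCP_PROTO = 6    # ESP next-header value in transport mode (payload is TCP)
IPIP_PROTO = 4   # ESP next-header value in tunnel mode (payload is a whole IPv4 packet)
ICV_LEN = 12     # HMAC-SHA1-96 truncates the 20-byte digest to 96 bits


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header with checksum field zeroed."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def tcp_segment(sport: int, dport: int, data: bytes) -> bytes:
    """Minimal 20-byte TCP header (PSH/ACK, checksum left zero) followed by data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + data


def esp_encapsulate(spi: int, seq: int, next_header: int, inner: bytes, auth_key: bytes) -> bytes:
    # Pad so that payload + 2 trailer bytes end on a 4-byte boundary (NULL cipher has no block size).
    pad_len = (-(len(inner) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))            # RFC 4303 default monotonic padding
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]  # ICV covers header..trailer
    return body + icv


def esp_decapsulate(esp: bytes, auth_key: bytes):
    """Verify the ICV, then strip ESP header and trailer. Returns (spi, seq, next_header, inner)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):     # constant-time compare
        raise ValueError("ESP ICV mismatch: packet modified in transit or wrong SA key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    inner = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, inner


def transport_mode(src: str, dst: str, tcp: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Transport mode: only the TCP segment is wrapped; the IP header keeps the real endpoints."""
    esp = esp_encapsulate(spi, seq, TCP_PROTO, tcp, key)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(gw_src: str, gw_dst: str, inner_packet: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Tunnel mode: the whole original IP packet is wrapped; a new outer header names the gateways."""
    esp = esp_encapsulate(spi, seq, IPIP_PROTO, inner_packet, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def visible_addresses(packet: bytes):
    """What an on-path observer reads from the outer IP header."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))


def demo() -> dict:
    key = b"constructed-demo-auth-key-0123456789"   # constructed; a real SA key comes from session-key
    tcp = tcp_segment(40000, 23, b"login: admin\r\n")  # constructed telnet segment
    plain = ipv4_header("10.1.1.10", "10.2.2.20", TCP_PROTO, len(tcp)) + tcp
    transport = transport_mode("10.1.1.10", "10.2.2.20", tcp, 0x100, 1, key)
    tunnel = tunnel_mode("192.0.2.1", "198.51.100.1", plain, 0x200, 1, key)
    _, _, nh_t, inner_t = esp_decapsulate(transport[20:], key)
    _, _, nh_u, inner_u = esp_decapsulate(tunnel[20:], key)
    tampered = bytearray(tunnel)
    tampered[-20] ^= 1                                  # flip one bit inside the protected body
    try:
        esp_decapsulate(bytes(tampered[20:]), key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "transport_visible": visible_addresses(transport),
        "tunnel_visible": visible_addresses(tunnel),
        "transport_next_header": nh_t, "tunnel_next_header": nh_u,
        "transport_roundtrip": inner_t == tcp, "tunnel_roundtrip": inner_u == plain,
        "transport_len": len(transport), "tunnel_len": len(tunnel),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The outer header tells the story the page describes: in transport mode an observer still sees the real host addresses and only the TCP segment is protected, while in tunnel mode only the two gateway addresses are visible and the original IP header travels inside the ESP payload. In both modes the ICV covers the ESP header, payload and trailer but not the mutable outer IP header, which is the origin-authentication property the AH/ESP bullets above refer to; a single flipped bit in the body fails the constant-time ICV check and the packet is discarded before any payload is handed to telnet or FTP.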
Configuring IPSec
The following sample configuration shows how to configure FTP and telnet for IPSec.
1. Define the transform set.
CONFIGURATION mode
crypto ipsec transform-set myXform-set esp-authentication md5 esp-encryption des
2. Define the crypto policy.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
transform-set myXform-set
session-key inbound esp 256 auth <key>
23
366 Internet Protocol Security (IPSec)