Switch User Manual

Configuration | Policy Management | Traffic Management | Security Associations
VPN 3000 Concentrator Series User Guide
IPSec SAs
The IPSec SAs list shows the configured SAs that are available. The SAs are listed in the order they are configured.
Cisco supplies default SAs that you can use or modify; see Table 13-2. See Configuration | Policy Management | Traffic Management | Security Associations | Add for explanations of the parameters.
Add / Modify / Delete
To configure a new SA, click Add. The Manager opens the Configuration | Policy Management | Traffic Management | Security Associations | Add screen.
To modify an SA that has been configured, select the SA from the list and click Modify. The Manager opens the Configuration | Policy Management | Traffic Management | Security Associations | Modify screen.
Table 13-2: Cisco-supplied default Security Associations
| Parameter / SA Name | ESP-DES-MD5 | ESP-3DES-MD5 | ESP/IKE-3DES-MD5 | ESP-3DES-NONE | ESP-L2TP-TRANSPORT |
|---|---|---|---|---|---|
| Inheritance | From Rule | From Rule | From Rule | From Rule | From Rule |
| IPSec Parameters | | | | | |
| Authentication Algorithm | ESP/MD5/HMAC-128 | ESP/MD5/HMAC-128 | ESP/MD5/HMAC-128 | None | ESP/MD5/HMAC-128 |
| Encryption Algorithm | DES-56 | 3DES-168 | 3DES-168 | 3DES-168 | DES-56 |
| Encapsulation Mode | Tunnel | Tunnel | Tunnel | Tunnel | Transport |
| Perfect Forward Secrecy | Disabled | Disabled | Disabled | Disabled | Disabled |
| Lifetime Measurement | Time | Time | Time | Time | Time |
| Data Lifetime | 10000 KB (not relevant) | 10000 KB (not relevant) | 10000 KB (not relevant) | 10000 KB (not relevant) | 10000 KB (not relevant) |
| Time Lifetime | 28800 sec | 28800 sec | 28800 sec | 28800 sec | 3600 sec |
| IKE Parameters | | | | | |
| IKE Peer | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 |
| Negotiation Mode | Main | Main | Main | Main | Main |
| Digital Certificate | None (Use Preshared Keys) | None (Use Preshared Keys) | None (Use Preshared Keys) | None (Use Preshared Keys) | None (Use Preshared Keys) |
| IKE Proposal | IKE-DES-MD5 | IKE-DES-MD5 | IKE-3DES-MD5 | IKE-3DES-MD5 | IKE-3DES-MD5 |