Cisco Secure Virtual Private Networks








8.4
Task
3Configuring IPSec



8.4.5
Step
2configure transform set suites






The next major step in configuring PIX Firewall IPSec
is to use the IPSec security policy to define a transform set.
An IPSec transform specifies a single IPSec
security protocol (either AH or ESP) with its corresponding security
algorithms and mode. The AH transform is a mechanism for payload
authentication. The ESP transform is a mechanism for payload
encryption.
Some example transforms include the following:

The Authentication Header (AH) protocol with
the hashed message authentication code (HMAC) with MD5
authentication algorithm in tunnel mode is used for
authentication.
The Encapsulating Security Payload (ESP)
protocol with the triple Data Encryption Standard (DES) (3DES)
encryption algorithm in transport mode is used for
confidentiality of data.
The ESP protocol with the 56-bit DES encryption
algorithm and the HMAC with Secure Hash Algorithm (SHA)
authentication algorithm in tunnel mode is used for
authentication and confidentiality.