Administrator Guide
Internet Protocol Security (IPSec)
IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session.
Use IPSec between hosts, between gateways, or between hosts and gateways.
IPSec is compatible with Telnet and file transfer protocols (FTP) and can operate in Transport mode. In Transport mode, IPSec encrypts only the packet payload; the original IP header is left unchanged and in the clear, so the communicating endpoints remain visible to anyone on the path. This is the default mode.
NOTE: Due to performance limitations on the control processor, you cannot enable IPSec on all packets in a communication session.
IPSec uses the following protocols:
• Authentication Header (AH) — Connectionless integrity and data-origin authentication for IP packets
• Encapsulating Security Payload (ESP) — Confidentiality, authentication, and data integrity for IP packets
• Security Associations (SA) — The algorithms, keys, and other parameters that AH and ESP need to operate
IPSec supports the following authentication and encryption algorithms:
• Authentication only:
  • MD5
  • SHA1
• Encryption only:
  • 3DES
  • CBC
  • DES
• ESP Authentication and Encryption:
  • MD5 and 3DES
  • MD5 and CBC
  • MD5 and DES
  • SHA1 and 3DES
  • SHA1 and CBC
  • SHA1 and DES
NOTE: Of these options, single DES (56-bit key) and MD5 are considered weak. Where both peers support it, prefer SHA1 for authentication and 3DES for encryption.
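The AH behaviour described above (connectionless integrity and origin authentication over an IP header that Transport mode leaves in place) is shown below as an added worked example; it is not code from this guide or from the switch firmware. It builds and verifies a transport-mode AH packet with HMAC-SHA1-96 following RFC 4302 and RFC 2404, using only the Python standard library. The key, SPI, addresses and payload are constructed sample values, and the code illustrates the protocol rather than how the platform implements it.

```python
"""Transport-mode AH (RFC 4302) with HMAC-SHA1-96 (RFC 2404) over a constructed IPv4 packet.

Standard-library illustration only. KEY, SPI, addresses and payload are constructed sample
values (assumptions for the example), not taken from the guide or from any device."""
import hashlib
import hmac
import struct

AH_PROTO = 51        # IP protocol number of the Authentication Header
AH_FIXED_LEN = 12    # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12         # HMAC-SHA1-96: HMAC-SHA1 output truncated to 96 bits
PAYLOAD_LEN_FIELD = (AH_FIXED_LEN + ICV_LEN) // 4 - 2   # AH length in 32-bit words minus 2 (= 4)

KEY = bytes.fromhex("0123456789abcdef0123456789abcdef01234567")   # constructed 160-bit HMAC key
SPI = 0x00001001                                                  # constructed SPI


def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))


def checksum(data):
    """RFC 1071 one's-complement checksum as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ttl=64, ident=0x1234):
    """20-byte IPv4 header without options, with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000,
                      ttl, proto, 0, _ip(src), _ip(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def zero_mutable(ip_hdr):
    """Zero the IPv4 fields AH treats as mutable in transit: TOS, flags/fragment offset,
    TTL and header checksum. Version, lengths, ID, protocol and both addresses stay covered."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS (DSCP/ECN)
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def compute_icv(ip_hdr, ah_fixed, payload):
    """ICV over the IP header (mutable fields zeroed), the AH header (ICV zeroed) and the payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def protect(src, dst, next_header, payload, seq, ttl=64):
    """Sender side, transport mode: keep the original IP header, insert AH ahead of the payload."""
    total_len = 20 + AH_FIXED_LEN + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total_len, ttl)
    ah_fixed = struct.pack("!BBHII", next_header, PAYLOAD_LEN_FIELD, 0, SPI, seq)
    return ip_hdr + ah_fixed + compute_icv(ip_hdr, ah_fixed, payload) + payload


def verify(packet):
    """Receiver side. Returns (authentic, sequence number); malformed input yields False."""
    if len(packet) < 20 + AH_FIXED_LEN + ICV_LEN or packet[9] != AH_PROTO:
        return False, None
    ip_hdr, rest = packet[:20], packet[20:]
    ah_fixed = rest[:AH_FIXED_LEN]
    icv = rest[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN]
    payload = rest[AH_FIXED_LEN + ICV_LEN:]
    _next, plen, _reserved, spi, seq = struct.unpack("!BBHII", ah_fixed)
    if plen != PAYLOAD_LEN_FIELD or spi != SPI:
        return False, seq
    return hmac.compare_digest(compute_icv(ip_hdr, ah_fixed, payload), icv), seq


def forward_hop(packet):
    """Simulate an IPsec-unaware router: decrement TTL and rewrite the header checksum."""
    h = bytearray(packet[:20])
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h) + packet[20:]


if __name__ == "__main__":
    # 6 = TCP; the payload stands in for an FTP control message that AH authenticates but does not hide
    pkt = protect("10.0.0.1", "10.0.0.2", 6, b"USER admin\r\n", seq=1)
    print("as sent        :", verify(pkt))                 # (True, 1)
    print("after one hop  :", verify(forward_hop(pkt)))    # (True, 1): TTL is a mutable field
    tampered = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    print("payload flipped:", verify(tampered))            # (False, 1)
    spoofed = bytearray(pkt)
    spoofed[16:20] = _ip("10.0.0.9")                       # rewrite destination in the clear header
    print("dst rewritten  :", verify(bytes(spoofed)))      # (False, 1): addresses are immutable
```

The two failing cases are the point: a router on the path may change TTL and the header checksum without breaking authentication, because AH excludes those mutable fields from the ICV, but the addresses, protocol and payload are covered, so rewriting the destination or flipping a payload bit is detected. Note also that the payload is still readable in the clear; AH gives integrity and origin authentication only, which is why the guide lists ESP for confidentiality.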
Configuring IPSec
The following sample configuration shows how to configure FTP and Telnet for IPSec.
1 Define the transform set.
CONFIGURATION mode
crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
2 Define the crypto policy.
CONFIGURATION mode
crypto ipsec policy