User's Manual

Table Of Contents
Wizards
Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 57
2
Configuring the Transform Policies
In the Transform Policy window, follow these procedures to create a new
transform policy.
STEP 1 To add an entry, click Add.
Other options: To edit an entry, click Edit. To delete an entry, click Delete.
After you click Add, the Transform Policy - Add/Edit window opens.
STEP 2 Enter the following information:
Name: Enter an unique name for the transform policy.
Integrity: Choose the hash algorithm used to ensure data integrity. The hash
algorithm ensures that a packet comes from where it says it comes from, and
that it has not been modified in transit. The default is ESP_SHA1_HMAC.
- ESP_SHA1_HMAC: Authentication with SHA_1 (160-bit).
- ESP_MD5_HMAC: Authentication with MD5 (128-bit). MD5 has a smaller
digest and is considered to be slightly faster than SHA_1. A successful
(but extremely difficult) attack against MD5 has occurred; however, the
HMAC variant IKE uses prevents this attack.
Encryption: Choose the symmetric encryption algorithm that protects data
transmitted between two IPSec peers. The default is ESP-3DES. The
Advanced Encryption Standard supports key lengths of 128, 192, 256 bits.
- ESP_3DES: Encryption with 3DES (168-bit).
- ESP_AES_128: Encryption with AES (128-bit).
- ESP_AES_192: Encryption with AES (192-bit).
- ESP_AES_256: Encryption with AES (256-bit).
STEP 3 Click OK to save your settings.