Installation guide

Switch Security

6-66

d. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within

the selected ACL.

e. Select either the AH or ESP radio button to define whether the Crypto Map’s manual security

association is an AH Transform Authentication scheme or an ESP Encryption Transform scheme.

The AH SPI or ESP SPI fields and key fields become enabled depending on which radio button is

selected.

f. Define the In AH SPI and Auth Keys or In Esp and Cipher Keys depending on which option has

been selected.

g. Use the Transform Set drop-down menu to select the transform set representing a combination

of security protocols and algorithms. During the IPSec security association negotiation, peers

agree to use the transform set for protecting the data flow. A new manual security association

cannot be generated without the selection of a transform set. A default transform set is available

if none are defined.

7. Click OK when completed to save the configuration of the Crypto Map security association.

6.8.4.4 Crypto Map Transform Sets

A transform set is a combination of security protocols and algorithms that define how the switch protects data.

To review, revise or add a Crypto Map transform set:

1. Select Security > IPSec VPN from the main menu tree.

2. Click the Crypto Maps tab and select Transform Sets.