Author: Admin | 2025-04-27
The names of the transform sets.

    hostname(config)# crypto ipsec ikev1 transform-set myset1 esp-aes esp-sha-hmac
    hostname(config)#
    hostname(config)# crypto ipsec ikev1 transform-set aes_set esp-md5-hmac esp-aes-256

Step 3: To configure an IKEv2 proposal that also defines how to protect the traffic, enter the following command:

    crypto ipsec ikev2 ipsec-proposal [proposal tag]

proposal tag is the name of the IKEv2 IPsec proposal, a string from 1 to 64 characters. Create the proposal and enter the ipsec proposal configuration mode where you can specify multiple encryption and integrity types for the proposal.

Example:

    hostname(config)# crypto ipsec ikev2 ipsec-proposal secure

In this example, secure is the name of the proposal. Enter a protocol and encryption types:

    hostname(config-ipsec-proposal)# protocol esp encryption aes

This command chooses which AES-GCM or AES-GMAC algorithm to use:

    [no] protocol esp encryption [aes | aes-192 | aes-256 | aes-gcm | aes-gcm-192 | aes-gcm-256 | null]

If SHA-2 or null is chosen, you must choose which algorithm to use as an IPsec integrity algorithm. You must choose the null integrity algorithm if AES-GCM/GMAC is configured as the encryption algorithm:

    [no] protocol esp integrity [sha-1 | sha-256 | sha-384 | sha-512 | null]

Note: You must choose the null integrity algorithm if AES-GCM/GMAC has been configured as the encryption algorithm. SHA-256 can be used for integrity and PRF to establish IKEv2 tunnels, but it can also be used for ESP integrity protection.

Step 4: (Optional) An administrator can enable path maximum transfer unit (PMTU) aging and set the interval at which the PMTU value is reset
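The Step 3 rule that AES-GCM encryption must be paired with the null integrity algorithm can be checked offline against a saved configuration. The following Python audit is an added example, not part of the original documentation. It assumes the "show running-config" layout in which sub-commands are indented under the proposal line, the proposal names in the sample are made up, and the second check (null integrity with a non-GCM cipher) is an addition that goes beyond the rule stated above.

```python
import re

# Constructed sample in "show running-config" layout (assumption: sub-commands
# are indented under the proposal line). Proposal names are hypothetical.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set myset1 esp-aes esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal secure
 protocol esp encryption aes-gcm-256
 protocol esp integrity null
crypto ipsec ikev2 ipsec-proposal mixed
 protocol esp encryption aes-gcm aes-256
 protocol esp integrity sha-256
crypto ipsec ikev2 ipsec-proposal noauth
 protocol esp encryption aes
 protocol esp integrity null
"""

HEADER = re.compile(r"^crypto ipsec ikev2 ipsec-proposal (\S+)\s*$")
PROTO = re.compile(r"^\s+protocol esp (encryption|integrity) (.+)$")

def parse_proposals(config):
    """Return {name: {"encryption": [...], "integrity": [...]}}."""
    proposals, current = {}, None
    for line in config.splitlines():
        header = HEADER.match(line)
        if header:
            current = proposals.setdefault(header.group(1), {"encryption": [], "integrity": []})
            continue
        proto = PROTO.match(line)
        if proto and current is not None:
            current[proto.group(1)].extend(proto.group(2).split())
        elif not line.startswith(" "):
            current = None  # an unindented line ends the proposal sub-mode
    return proposals

def audit(config):
    """Return sorted (proposal, finding) pairs."""
    findings = []
    for name, p in parse_proposals(config).items():
        gcm = [e for e in p["encryption"] if e.startswith("aes-gcm")]
        non_null = [i for i in p["integrity"] if i != "null"]
        # Rule from the text above: AES-GCM encryption requires integrity null.
        if gcm and non_null:
            findings.append((name, "aes-gcm with integrity " + ",".join(non_null)))
        # Added check (not from the page): non-GCM cipher offered with null integrity.
        if "null" in p["integrity"] and any(e not in gcm for e in p["encryption"]):
            findings.append((name, "non-GCM encryption with null integrity"))
    return sorted(findings)
```

Calling audit() on the text of a saved configuration returns an empty list when every IKEv2 IPsec proposal passes both checks.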