Home > Articles > Certification > Cisco Certification

  • Print
  • + Share This
From the author of Phase 2 IKE IPSec Transform Sets (v1) and Proposals (v2)

Phase 2 IKE IPSec Transform Sets (v1) and Proposals (v2)

Just like the Phase 1 IKE SA, the ASA supports both IKE versions when securing the actual traffic using IKEv1 IPsec Transform Sets or IKEv2 IPsec Proposals. When using IKEv1, the parameters used between devices to set up the Phase 2 IKE IPsec SA is also referred to as an IKEv1 transform set and includes the following:

  • Encryption Method (esp-aes, esp-aes-192, esp-aes-256, esp-des, esp-3des or esp-null)
  • Authentication Method (esp-md5-hmac, esp-sha-hmac or esp-none)

When using IKEv2, the parameters used between devices to set up the Phase 2 IKE IPsec SA is also referred to as an IKEv2 proposal and includes the following:

  • Encryption Method (des, 3des, aes, aes-192, aes-256 or null)
  • Authentication Method (md5, sha-1 or null)
  • + Share This
  • 🔖 Save To Your Account