hit counter script

Supported Ipsec Transforms And Algorithms; Supported Ike Transforms And Algorithms - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Cisco mds 9000 family cli configuration guide - release 4.x (ol-18084-01, february 2009)
Hide thumbs Also See for AP776A - Nexus Converged Network Switch 5020:
Table of Contents

Advertisement

Using IPsec
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Supported IPsec Transforms and Algorithms

The component technologies implemented for IPsec include the following transforms:
Note

Supported IKE Transforms and Algorithms

The component technologies implemented for IKE include the following transforms:
Cisco MDS 9000 Family CLI Configuration Guide
37-6
Data confidentiality—A security service where the protected data cannot be observed.
Data flow—A grouping of traffic, identified by a combination of source address and mask or prefix,
destination address mask or prefix length, IP next protocol field, and source and destination ports,
where the protocol and port fields can have any of these values. Traffic matching a specific
combination of these values is logically grouped together into a data flow. A data flow can represent
a single TCP connection between two hosts, or it can represent traffic between two subnets. IPsec
protection is applied to data flows.
Perfect forward secrecy (PFS)—A cryptographic characteristic associated with a derived shared
secret value. With PFS, if one key is compromised, previous and subsequent keys are not
compromised, because subsequent keys are not derived from previous keys.
Security Policy Database (SPD)—An ordered list of policies applied to traffic. A policy decides if
a packet requires IPsec processing, if it should be allowed in clear text, or if it should be dropped.
The IPsec SPDs are derived from user configuration of crypto maps.
The IKE SPD is configured by the user.
Advanced Encrypted Standard (AES) is an encryption algorithm. It implements either 128 or 256
bits using Cipher Block Chaining (CBC) or counter mode.
Data Encryption Standard (DES) is used to encrypt packet data and implements the mandatory
56-bit DES-CBC. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly
given in the IPsec packet.
Triple DES (3DES) is a stronger form of DES with 168-bit encryption keys that allow sensitive
information to be transmitted over untrusted networks.
Cisco NX-OS images with strong encryption are subject to United States government export
controls, and have a limited distribution. Images to be installed outside the United States require
an export license. Customer orders might be denied or subject to delay due to United States
government regulations. Contact your sales representative or distributor for more information,
or send e-mail to export@cisco.com.
Message Digest 5 (MD5) is a hash algorithm with the HMAC variant. HMAC is a keyed hash variant
used to authenticate data.
Secure Hash Algorithm (SHA-1) is a hash algorithm with the Hash Message Authentication Code
(HMAC) variant.
AES-XCBC-MAC is a Message Authentication Code (MAC) using the AES algorithm.
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecure communications channel. Diffie-Hellman is used within IKE to
establish session keys. Group 1 (768-bit), Group 2 (1024-bit), and Group 5 (1536-bit) are supported.
Chapter 37
Configuring IPsec Network Security
OL-18084-01, Cisco MDS NX-OS Release 4.x

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents