• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477
  • Last Modified:

ESP and AH transform-set command

When I do a crypto ipsec transform-set ?
I see:

ah-md5-hmac
ah-sha-hmac
comp-lzs
esp-des
esp-md5-hmac
esp-null
esp-sha-hmac

I always choose esp-des.
When's the proper time to choose ESP and when's the proper time to choose AH?

0
dissolved
Asked:
dissolved
1 Solution
 
JFrederick29Commented:
You can use AH alone when you are just looking for authentication and anti-replay services without encryption.  If you want encryption you need to use ESP.  ESP also provides authentication.  Typically you are going to use ESP for your VPN tunnel.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now