https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659484#M5659 <P>I have this IPsec configuration on one of my routers</P><P>crypto isakmp policy 1</P><P> encr 3des</P><P> authentication pre-share</P><P> group 2 </P><P>crypto isakmp key xxxxxxxxx address xx.xx.xx.xx</P><P>! </P><P>! </P><P>crypto ipsec transform-set test esp-3des esp-sha-hmac </P><P>! </P><P>crypto map MAP1 10 ipsec-isakmp </P><P> set peer yy.yy.yy.yy</P><P> set transform-set test1</P><P> match address test</P><P></P><P>I want to disable the ESP authentication due to a bug. How to do that? Do I have to do it on the routers in my network? What is the impact of disabling the ESP authentication?</P><P></P><P>Thnaks in advance..</P> Fri, 21 Feb 2020 18:17:23 GMT Ahmede 2020-02-21T18:17:23Z https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659484#M5659 <P>I have this IPsec configuration on one of my routers</P><P>crypto isakmp policy 1</P><P> encr 3des</P><P> authentication pre-share</P><P> group 2 </P><P>crypto isakmp key xxxxxxxxx address xx.xx.xx.xx</P><P>! </P><P>! </P><P>crypto ipsec transform-set test esp-3des esp-sha-hmac </P><P>! </P><P>crypto map MAP1 10 ipsec-isakmp </P><P> set peer yy.yy.yy.yy</P><P> set transform-set test1</P><P> match address test</P><P></P><P>I want to disable the ESP authentication due to a bug. How to do that? Do I have to do it on the routers in my network? What is the impact of disabling the ESP authentication?</P><P></P><P>Thnaks in advance..</P> Fri, 21 Feb 2020 18:17:23 GMT https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659484#M5659 Ahmede 2020-02-21T18:17:23Z https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659485#M5661 <HTML><HEAD></HEAD><BODY><P>Friend,</P><P></P><P>USe AH instead of ESP and check</P><P></P><P>HTH</P><P>Narayan</P></BODY></HTML> Sun, 31 Dec 2006 11:32:07 GMT https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659485#M5661 royalblues 2006-12-31T11:32:07Z https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659486#M5662 <HTML><HEAD></HEAD><BODY><P>Dear Ahmede,</P><P></P><P>I belive you have modified the configuration while pasting it.</P><P></P><P>Please note that the Tansform set called in configuration is test1, however the only transform set created is test.</P><P></P><P>Can u please share the debug log?</P><P></P><P>Also: </P><P></P><P>Incase you have to change the Authentication to AH mode, you must do it at both the IPsec peering routers.</P><P></P><P>Caution:</P><P></P><P>1&gt; ACL must be mirror image at both end</P><P>2&gt; Crypto Policy and Key must be same</P><P>3&gt; Crypto transform set must be identical</P><P></P><P>Reg - Impact on disabling ESP</P><P></P><P>Please note that ESP is more preferred security protocol for IPsec, as it provides confidentiality ( encryption ) along with optional data authentication.</P><P></P><P></P><P>Impact in general would be that Secure traffic will be not encrypted while travelling between Peers. Rest assured the services will run fine with AH ( Assuming no new bug bugging Routers :)) )</P><P></P><P>Please share your experience.</P><P></P><P>Regards,</P><P>Prince</P></BODY></HTML> Sun, 31 Dec 2006 17:51:01 GMT https://community.cisco.com/t5/network-access-control/disabling-esp-authentication/m-p/659486#M5662 prince123 2006-12-31T17:51:01Z