12-29-2006 07:05 AM - edited 02-21-2020 10:17 AM
I have this IPsec configuration on one of my routers
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address xx.xx.xx.xx
!
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto map MAP1 10 ipsec-isakmp
 set peer yy.yy.yy.yy
 set transform-set test1
 match address test
I want to disable the ESP authentication due to a bug. How do I do that? Do I have to do it on the routers in my network? What is the impact of disabling the ESP authentication?
Thanks in advance.
12-31-2006 03:32 AM
Friend,
Use AH instead of ESP and check.
HTH
Narayan
12-31-2006 09:51 AM
Dear Ahmede,
I believe you have modified the configuration while pasting it.
Please note that the transform set called in the configuration is test1, however the only transform set created is test.
Can you please share the debug log?
Also:
In case you have to change the authentication to AH mode, you must do it at both the IPsec peering routers.
Caution:
1> ACL must be mirror image at both end
2> Crypto Policy and Key must be same
3> Crypto transform set must be identical
Reg - Impact on disabling ESP
Please note that ESP is the more preferred security protocol for IPsec, as it provides confidentiality (encryption) along with optional data authentication.
The impact in general would be that secure traffic will not be encrypted while travelling between peers. Rest assured the services will run fine with AH (assuming no new bug bugging the routers :)) )
Please share your experience.
Regards,
Prince
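Added example, not part of any post in this thread: a small Python check over an IOS crypto configuration that reports the two conditions discussed above, a crypto map that calls a transform set which is never defined (test1 vs. test) and a transform set that encrypts with ESP but carries no ESP or AH authentication transform. The function name `audit`, the finding labels and the sample text (built from the configuration as posted) are assumptions of this example.

```python
import re

# Constructed sample: the configuration from the question, masked as posted.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address xx.xx.xx.xx
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto map MAP1 10 ipsec-isakmp
 set peer yy.yy.yy.yy
 set transform-set test1
 match address test
"""

TS_DEF = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
MAP_HDR = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
MAP_SET = re.compile(r"^set transform-set (.+)$")
# Classic ESP ciphers only; AEAD transforms are outside this example's scope.
ESP_CIPHERS = {"esp-des", "esp-3des", "esp-aes"}


def audit(config):
    """Return (kind, detail) findings for an IOS crypto configuration."""
    defined, refs, findings = {}, [], []
    current_map = None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        if line.startswith("crypto "):
            hdr = MAP_HDR.match(line)
            current_map = f"{hdr.group(1)} {hdr.group(2)}" if hdr else None
            if ts := TS_DEF.match(line):
                defined[ts.group(1)] = ts.group(2).split()
        elif current_map and (ref := MAP_SET.match(line)):
            refs.extend((current_map, name) for name in ref.group(1).split())
    for cmap, name in refs:
        if name not in defined:
            findings.append(("undefined-transform-set", f"{cmap} -> {name}"))
    for name, transforms in defined.items():
        encrypts = any(t in ESP_CIPHERS for t in transforms)
        integrity = any(t.endswith("-hmac") for t in transforms)  # esp-*/ah-*
        if encrypts and not integrity:
            findings.append(("esp-without-authentication", name))
    return findings
```

Running `audit` on each IPsec peer's configuration shows whether both ends define and call the same transform set before any change is made.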