06-04-2008 04:23 AM - edited 03-12-2019 05:57 PM
I found a strange thing in our VPN Concentrator 3000. Under IKE Proposals, I do not find AH. Only ESP combinations are what I find. Any idea how I would be able to activate AH on my box?
Thanks
Arabinda
06-10-2008 10:57 AM
Refer to the "Policy Management" section of "VPN 3000 Series Concentrator Reference Volume I: Configuration, Release 4.1" at the following URL for more related information:
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/polmgt.html
06-10-2008 11:25 AM
Hey, why do you want to use AH anyway, it's lame :)
Anyway, this is from Richard Deal's excellent book "The Complete Cisco VPN Configuration Guide":
"Please note that the concentrator doesn't support AH for L2L sessions, whereas the other VPN gateway products, like Cisco Routers, do." Pg 333
Regards
Farrukh
06-10-2008 09:16 PM
Hi Farrukh,
We are an offshore development center. Sometimes we need to use the IKE parameters that our client engineers want. No worries this time, the client agreed to use ESP, so all set now.
Thank you for the valuable info.
Thanks
Arabinda
06-10-2008 11:27 PM
No problem at all, you should push them to use ESP anyway (even in the future), as AH does not offer encryption and is not NAT/PAT aware.
It's only useful for some special purposes now (I think IPv6 OSPF uses it for security purposes).
Please rate helpful posts.
Regards
Farrukh
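The remark above that AH is not NAT/PAT aware, shown as an added example that is not part of the thread: AH's integrity check value (ICV) covers the outer IP addresses, so a NAT rewrite invalidates it, while ESP's ICV does not cover the outer IP header. The key, addresses, SPI and payload are constructed sample values, and the ESP side is simplified (no encryption or padding).

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"              # constructed sample key
PAYLOAD = b"constructed upper-layer data"  # constructed sample payload

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """20-byte IPv4 header, no options; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """Zero the IPv4 fields RFC 4302 treats as mutable in transit."""
    b = bytearray(hdr)
    b[1] = 0              # DSCP/ECN
    b[6:8] = b"\0\0"      # flags + fragment offset
    b[8] = 0              # TTL
    b[10:12] = b"\0\0"    # header checksum
    return bytes(b)

def hmac_sha1_96(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(ip_hdr, ah_fixed):
    # AH authenticates the immutable IP header fields (addresses included),
    # the AH header with its ICV field zeroed, and the payload.
    return hmac_sha1_96(zero_mutable(ip_hdr) + ah_fixed + b"\0" * 12 + PAYLOAD)

def esp_icv(ip_hdr, esp_hdr):
    # ESP authenticates SPI, sequence number and payload; ip_hdr is ignored.
    return hmac_sha1_96(esp_hdr + PAYLOAD)

def in_transit(ip_hdr, new_src=None):
    """Router hop (TTL - 1), optionally with a NAT source-address rewrite."""
    b = bytearray(ip_hdr)
    b[8] -= 1
    if new_src:
        b[12:16] = socket.inet_aton(new_src)
    return bytes(b)

def check(icv_fn, proto, hdr, new_src=None):
    """True if the ICV computed by the sender still verifies at the receiver."""
    sent = ipv4_header("10.0.0.5", "198.51.100.10", proto, len(hdr) + 12 + len(PAYLOAD))
    received = in_transit(sent, new_src)
    return hmac.compare_digest(icv_fn(sent, hdr), icv_fn(received, hdr))

SPI_SEQ = struct.pack("!II", 0x1000, 1)             # constructed SPI and sequence number
AH_FIXED = struct.pack("!BBH", 6, 4, 0) + SPI_SEQ   # next header TCP, length, reserved

if __name__ == "__main__":
    print("AH,  routed only:", check(ah_icv, 51, AH_FIXED))                  # True
    print("AH,  through NAT:", check(ah_icv, 51, AH_FIXED, "203.0.113.7"))   # False
    print("ESP, through NAT:", check(esp_icv, 50, SPI_SEQ, "203.0.113.7"))   # True
```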