Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
2
Helpful
2
Replies

crypto isakmp policy question

Go to solution
ColForbin
Level 1
Level 1

‎05-21-2025 11:26 AM

This calculator is the reason for this question:

https://ipsec-overhead-calculator.netsec.us/

If you have two cisco routers with a site to site tunnel using the following policy:

crypto isakmp policy 1

encryption aes256

hash sha512

group 16

authentication pre-share

crypto isakmp key Pass123 address 1.1.1.1

crypto ipsec transform-set T1 esp-aes esp-sha-hmac

mode tunnel

crypto ipsec profile P1

set transform-set T1

What part matches which field in the calculator?  Specifically the AH, ESP - Encryption, ESP - Integrity fields....thanks!

 

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎05-21-2025 11:33 AM

@ColForbin the calculator is referring to the IPSec SA (transform set). Where you define ESP or AH (unlikely that is used) and the mode tunnel or transport.

RobIngram_0-1747852285920.png

crypto ipsec transform-set T1 esp-aes esp-sha-hmac
 mode tunnel

 

 

 

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎05-21-2025 11:33 AM

@ColForbin the calculator is referring to the IPSec SA (transform set). Where you define ESP or AH (unlikely that is used) and the mode tunnel or transport.

RobIngram_0-1747852285920.png

crypto ipsec transform-set T1 esp-aes esp-sha-hmac
 mode tunnel

 

 

 

Go to solution
ColForbin
Level 1
Level 1
In response to Rob Ingram

‎05-21-2025 02:54 PM

Thanks a bunch!

0 Helpful
Customers Also Viewed These Support Documents