
Doubt about Phase 1 and Phase 2 encryption and authentication.

ciscolover
Beginner

Hi all,

 

I have an IPSEC tunnel created. I have some doubts about encryption and authentication of phase 1 and phase 2. 

 

With show crypto isakmp policy 10 I can see:

  • Encryption algorithm DES
  • Hash MD5
  • Authentication Method Preshared KEY.

I think this is phase 1 and is negotiated with DES for encryption.

 

My doubt is about phase 2. What is the encryption and authentication method for phase 2? The same as phase 1? Or another? I have a transform set with esp-des esp-md5-hmac. Maybe esp-des is the encryption method for phase 2 and esp-md5-hmac the authentication method? Or not?

 

What is the encryption and authentication of my phase 2 tunnel? Thanks!!!

 

Accepted Solutions

Pawan Raut
Enthusiast

The transform set is the encryption and auth method for phase 2.

On ASA you can verify the phase 1 and phase 2 parameters using the command below:

sh vpn-sessiondb l2l

 

Regards,

Pawan (CCIE#52104)

 

Kindly rate for helpful post


Thanks for your reply.

 

I would like to create the tunnel with a FW (fortigate) and a CISCO 1841. I'm configuring the CISCO 1841.

 

The client configures the FW and for phase 2 indicates this:

Encryption AES256

Authentication SHA256.

 

I don't find exactly this encryption and authentication method in the transform set options. Maybe the correct one is this? I can't find esp-sha and the 256 option...

crypto ipsec transform-set test esp-aes 256 esp-sha-hmac

 

That's correct
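
Added example (not part of the thread and not Cisco tooling): the Python below splits a config into phase 1 (crypto isakmp policy) and phase 2 (crypto ipsec transform-set) settings, flags DES and MD5, and compares a transform set with the peer's stated AES256/SHA256 proposal. The sample config is constructed from the commands quoted above, and the keyword table, which maps esp-sha-hmac to HMAC-SHA-1 and includes esp-sha256-hmac, is this example's assumption about IOS transform names.

```python
# Constructed sample built from the commands quoted in the thread.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
crypto ipsec transform-set old esp-des esp-md5-hmac
crypto ipsec transform-set test esp-aes 256 esp-sha-hmac
"""

# IOS transform keyword -> (role, algorithm); esp-sha-hmac is HMAC-SHA-1.
TRANSFORMS = {
    "esp-des": ("encryption", "DES"), "esp-3des": ("encryption", "3DES"),
    "esp-aes": ("encryption", "AES"), "esp-md5-hmac": ("integrity", "MD5"),
    "esp-sha-hmac": ("integrity", "SHA1"),
    "esp-sha256-hmac": ("integrity", "SHA256"),
}
WEAK = {"DES", "MD5"}  # obsolete algorithms to flag in an audit

def parse_phases(config):
    """Return (phase1, phase2): ISAKMP policies and IPsec transform sets."""
    phase1, phase2, policy = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            policy = phase1.setdefault(words[3], {})
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            policy, entry = None, phase2.setdefault(words[3], {})
            for i, word in enumerate(words[4:], 4):
                role, algo = TRANSFORMS.get(word, (None, None))
                if algo == "AES":  # key size is optional; 128 when omitted
                    size = words[i + 1] if i + 1 < len(words) else ""
                    algo += size if size in ("128", "192", "256") else "128"
                if role:
                    entry[role] = algo
        elif policy is not None and line.startswith(" ") and len(words) > 1:
            # Sub-command of the current ISAKMP policy (encr/encryption, hash, ...)
            key = "encryption" if words[0].startswith("encr") else words[0]
            policy[key] = " ".join(words[1:]).upper()
        else:
            policy = None
    return phase1, phase2

def weak(settings):
    """Algorithms in one policy or transform set that are listed in WEAK."""
    return sorted(v for v in settings.values() if v in WEAK)

def mismatch(local, peer):
    """Roles (encryption/integrity) whose algorithm differs from the peer's."""
    return sorted(r for r in peer if local.get(r) != peer[r])
```

Calling mismatch() on the parsed "test" transform set with the peer proposal {"encryption": "AES256", "integrity": "SHA256"} returns the roles where the two sides would not agree during phase 2 negotiation.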
