12-01-2003 09:01 AM - edited 02-21-2020 12:54 PM
Because of local laws, we are forced to setup a VPN site-to-site Internet tunnel without encryption. The question is: is it possible to configure IPSEC without encryption. If yes, which changes should I apply to the standard IPSEC configuration?
12-01-2003 09:08 AM
You can indeed use IPsec without encryption. Just use authentication. You need to configure your IPsec transform set something like this:
crypto ipsec transform-set ts ah-md5-hmac
or
crypto ipsec transform-set ts ah-sha-hmac
Hope this helps,
01-16-2004 11:08 AM
There is also the following :
esp-null ESP transform w/o cipher
You can add this to your tansform-set.
01-16-2004 11:46 AM
I suggest you just use GRE Tunneling and Authentication Header (AH) with Transport Mode.
Protect the GRE Tunnel Endpoints with AH
You can make sure that Data Traffic is not tampered with along the way (it is checksumed with MD5). But Encryption does not take place.
This design is more modular, as you can take the IPSec config away and your GRE will still work, if you ever wish to migrate to ESP (with DES or 3DES encryption).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide