Adding a new transform set – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Brocade Mobility RFS7000-GR Controller System Reference Guide

387

53-1001944-01

Configuring IPSec VPN

6

Adding a new transform set

A transform set represents a combination of security protocols and algorithms. During the IPSec
security association negotiation, peers agree to use a particular transform set for protecting data
flow. If the attributes of an existing transform set no longer lend themselves useful, and an existing
transform set is not required, create a new transform set to meet the needs of your network.

To edit the attributes of an existing transform set:

1. Select Security > IPSec VPN from the main menu tree.

2. Click the Configuration tab.

3. Click the Add button.

4. Define the following information as required for the new transform set.

Name

Create a name describing this new transform set.

ESP Encryption Scheme

Select the Use ESP checkbox to define the ESP Encryption Scheme. Options
include:

•

None - No ESP encryption is used with the transform set.

•

ESP-DES - ESP with the 56-bit DES encryption algorithm.

•

ESP-3DES - ESP with 3DES, ESP with AES.

•

ESP-AES - ESP with 3DES, ESP with AES (128 bit key).

•

ESP-AES 192 - ESP with 3DES, ESP with AES (192 bit key).

•

ESP-AES 256 - ESP with 3DES, ESP with AES (256 bit key).

ESP Authentication
Scheme

Select the Use ESP checkbox to define the ESP Authentication Scheme. Options
include:

•

None - No ESP authentication is used with the transform set.

•

MD5-HMAC - AH with the MD5 (HMAC variant) authentication algorithm.

•

SHA-HMAC - AH with the SHA (HMAC variant) authentication algorithm.

Mode

Define the current mode used with the transform set. The mode is either Tunnel or
Transport.