Cisco MDS 9000 Series Configuration Manual page 208

Configuring Transform Sets
Parameter
hash/authentication algorithm 1 (optional)
3
4
The following table lists the supported and verified settings for IPsec and IKE encryption authentication
algorithms on the Microsoft Windows and Linux platforms:
Platform
Microsoft iSCSI initiator, Microsoft IPsec
implementation on Microsoft Windows 2000
platform
Cisco iSCSI initiator,Free Swan IPsec
implementation on Linux platform
Configuring Transform Sets
To configure transform sets, follow these steps:
Procedure
Step 1 switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto transform-set domain ipsec test esp-3des esp-md5-hmac
Configures a transform set called test specifying the 3DES encryption algorithm and the MD5 authentication
algorithm. Refer to IPsec Transform Configuration Parameters table to verify the allowed transform
combinations.
Step 3
switch(config)# no crypto transform-set domain ipsec test esp-3des esp-md5-hmac
(Optional) Deletes the applied transform set.
Step 4 switch(config)# crypto transform-set domain ipsec test esp-3des
Configures a transform set called test specifying the 3DES encryption algorithm. In this case, the default no
authentication is performed.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
190
If you configure the AES counter (CTR) mode, you must also configure the authentication algorithm.
Starting from Cisco MDS NX-OS Release 5.2(2), the esp-aes-xcbc-mac authentication algorithm is
not supported.
Accepted Values Keyword
SHA-1 (HMAC variant) esp-sha1-hmac
SHA-2 (HMAC variant) esp-sha256-hmac
MD5 (HMAC variant)
esp-sha512-hmac
AES-XCBC-MAC
esp-md5-hmac
esp- aes-xcbc-mac
4
IKE
3DES, SHA-1, SHA-2, or MD5,
DH group 2
3DES, MD5, DH group 1
Configuring IPSec Network Security
IPsec
3DES, SHA-1, SHA-2
3DES, MD5