In IPSec, a transform set is a combination of security protocols and algorithms.
During the IPSec security association negotiation, peers will agree to use a particular transform set for protecting data flows.
When an agreement for a transform set is found, it is used on the security association on both peers.
Authentication Header Transform Sets
Authentication Header provides no encryption capabilities, so it is not recommended.
ah-md5-hmac – Authentication header with the MD5 authentication algorithm
ah-sha-hmac – Authentication header with the SHA authentication algorithm
ah-sha256-hmac – Authentication header with the 256-bit SHA authentication algorithm
ah-sha384-hmac – Authentication header with the 384-bit SHA authentication algorithm
ah-sha512-hmac – Authentication header with the 512-bit SHA authentication algorithm
Encapsulating Security Payload
Encryption Transforms
esp-aes – Encapsulating security payload utilising the 128-bit AES encryption algorithm
esp-gcm – Encapsulating security payload utilising a 128-bit or 256-bit authenticated encryption algorithm (GCM)
esp-gmac – Encapsulating security payload utilising a 128-bit or 256-bit authentication algorithm without encryption
esp-aes 192 – Encapsulating security payload utilising the 192-bit AES encryption algorithm
esp-aes 256 – Encapsulating security payload utilising the 256-bit AES encryption algorithm
esp-des – Encapsulating security payload utilising DES encryption
esp-3des – Encapsulating security payload utilising triple DES encryption
Authentication Transforms
esp-md5-hmac – Encapsulating security payload utilising the HMAC variant of the MD5 authentication algorithm
esp-sha-hmac – Encapsulating security payload utilising the HMAC variant of the SHA authentication algorithm
IP Compression Transform
comp-lzs – IP compression with the Lempel-Ziv-Stac (LZS) algorithm
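The agreement step described at the top of this page can be checked offline against two peers' configurations. The following is an added example, not code from the original page: it assumes the transforms are configured with Cisco IOS "crypto ipsec transform-set" lines, uses constructed sample configurations, and makes the simplifying assumption that the initiator's configuration order decides which common set is chosen.

```python
import re

# Keywords grouped as on this page; a key size such as "256" is an argument.
AH = {"ah-md5-hmac", "ah-sha-hmac", "ah-sha256-hmac", "ah-sha384-hmac", "ah-sha512-hmac"}
ESP_ENC = {"esp-aes", "esp-gcm", "esp-des", "esp-3des"}
ESP_AUTH = {"esp-md5-hmac", "esp-sha-hmac", "esp-gmac"}  # esp-gmac: no encryption
COMP = {"comp-lzs"}
KNOWN = AH | ESP_ENC | ESP_AUTH | COMP
LINE = re.compile(r"^\s*crypto ipsec transform-set (\S+) (.+)$")

# Constructed sample configurations (not taken from any real device).
PEER_A = """
crypto ipsec transform-set SET1 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set SET2 esp-3des esp-md5-hmac
crypto ipsec transform-set SET3 ah-sha256-hmac
"""
PEER_B = """
crypto ipsec transform-set TS1 ah-sha256-hmac
crypto ipsec transform-set TS2 esp-md5-hmac esp-3des
"""

def parse_transform_sets(config):
    """Map set name -> tuple of transforms, in configuration order."""
    sets = {}
    for m in filter(None, map(LINE.match, config.splitlines())):
        transforms = []
        for tok in m.group(2).split():
            if tok.isdigit() and transforms:
                transforms[-1] += " " + tok  # key size joins its keyword
            elif tok in KNOWN:
                transforms.append(tok)
            else:
                raise ValueError(f"{m.group(1)}: unknown transform {tok!r}")
        sets[m.group(1)] = tuple(transforms)
    return sets

def unencrypted(sets):
    """Names of sets with no ESP encryption transform (AH-only, auth-only)."""
    return [n for n, ts in sets.items() if not any(t.split()[0] in ESP_ENC for t in ts)]

def negotiate(initiator, responder):
    """Assumed rule: first initiator set the responder also holds; names are local."""
    held = {frozenset(ts) for ts in responder.values()}
    for name, ts in initiator.items():
        if frozenset(ts) in held:
            return name, ts
    return None
```

With these constructed configurations, peer A initiating settles on SET2, while peer B initiating settles on TS1, an AH-only set that provides no encryption. Running unencrypted() over each peer lists the sets that would leave traffic unencrypted if agreed.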