Internet Protocol Security (IPSec)

Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.

IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.

• Transport mode — (default) Use to encrypt only the payload of the packet. Routing information is unchanged.
• Tunnel mode — Use to encrypt the entire packet including the routing information of the IP header. Typically used when creating virtual private networks (VPNs).

NOTE: Due to performance limitations on the control processor, you cannot enable IPSec on all packets in a communication session.

IPSec uses the following protocols:

• Authentication Headers (AH) — Disconnected integrity and origin authentication for IP packets
• Encapsulating Security Payload (ESP) — Confidentiality, authentication, and data integrity for IP packets
• Security Associations (SA) — Necessary algorithmic parameters for AH and ESP functionality

IPSec supports the following authentication and encryption algorithms:

• Authentication only:
    • MD5
    • SHA1
• Encryption only:
    • 3DES
    • CBC
    • DES
• ESP Authentication and Encryption:
    • MD5 & 3DES
    • MD5 & CBC
    • MD5 & DES
    • SHA1 & 3DES
    • SHA1 & CBC
    • SHA1 & DES

Configuring IPSec

The following sample configuration shows how to configure FTP and Telnet for IPSec.

1 Define the transform set.
  CONFIGURATION mode
  crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
2 Define the crypto policy.
  CONFIGURATION mode
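The transform set in step 1 pairs MD5 with DES. As an added example (not part of the original guide), this Python check audits `crypto ipsec transform-set` lines against the RFC 8221 algorithm ratings. The keywords `sha1`, `3des` and `cbc` and the sets `myXform-setb` and `myXform-setc` are assumptions built from the page's algorithm list.

```python
import re

# Ratings follow RFC 8221. Only "md5" and "des" appear as keywords on the page;
# "sha1", "3des" and "cbc" are assumed lowercase forms of its algorithm list.
AUTH = {
    "md5": ("fail", "HMAC-MD5: MUST NOT in RFC 8221"),
    "sha1": ("warn", "HMAC-SHA1: downgraded to MUST- in RFC 8221"),
}
ENCR = {
    "des": ("fail", "DES: MUST NOT in RFC 8221"),
    "3des": ("warn", "3DES: SHOULD NOT in RFC 8221"),
    "cbc": ("warn", "page does not name the cipher behind CBC; confirm on the device"),
}
LINE = re.compile(r"^\s*crypto\s+ipsec\s+transform-set\s+(\S+)\s+(.*)$", re.I)

# Constructed sample: the first command is the page's, the other two are made up.
SAMPLE = """\
! running-config excerpt (constructed)
crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
crypto ipsec transform-set myXform-setb esp-authentication sha1 esp-encryption 3des
crypto ipsec transform-set myXform-setc esp-encryption cbc
"""

def audit(config_text):
    """Return (transform_set, keyword, value, severity, reason) tuples."""
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a transform-set definition
        name, tokens = m.group(1), [t.lower() for t in m.group(2).split()]
        opts = dict(zip(tokens[0::2], tokens[1::2]))  # keyword -> algorithm
        for key, table in (("esp-authentication", AUTH), ("esp-encryption", ENCR)):
            if key in opts:
                sev, why = table.get(opts[key], ("unknown", "not in the page's list"))
                findings.append((name, key, opts[key], sev, why))
        if "esp-encryption" in opts and "esp-authentication" not in opts:
            findings.append((name, "esp-authentication", None, "warn",
                             "encryption without an integrity check"))
    return findings

def failing_sets(findings):
    """Names of transform sets with at least one 'fail' finding, sorted."""
    return sorted({f[0] for f in findings if f[3] == "fail"})

if __name__ == "__main__":
    for name, key, value, sev, why in audit(SAMPLE):
        print(f"{sev.upper():7} {name}: {key} {value or '(none)'} - {why}")
```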