Proposals & Transform Sets - IPsec VPN Tunnels

VPN Proposals, also known as Transform Sets, are a set of protocols and algorithms specified on a gateway to secure data over an IPsec VPN tunnel. The three factors that make up a Proposal or Transform Set are data encryption, data authentication and encapsulation mode. A Proposal/Transform Set is like a profile with a specific combination of protocols and algorithms that an end user may choose to use as part of the security parameters for an IPsec VPN tunnel.

The following is an example of a Proposal/Transform Set that can be used to set up an IPsec VPN tunnel:

Data Encryption: AES 256 bit for encryption

Data Authentication: SHA-1 for authentication

Asymmetric Key Algorithm: Diffie-Hellman key group 5 for public key cryptography

The above is an example of a Proposal or Transform Set that is configured on the VPN gateway devices that need to establish a VPN tunnel. The peer VPN devices must use exactly the same settings to successfully establish a VPN tunnel. Most VPN devices allow multiple Proposals to be configured, each with a different combination of algorithms, so that the gateway can fall back to another Proposal if the primary one does not match.
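The matching and fallback behaviour described above can be modelled in a few lines. This is an added example, not code from the original page or from any VPN product; the `Proposal` class, the function names, the fallback proposal and the three site configurations are constructed for illustration, and it assumes the initiator's preference order decides which common Proposal is used.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Proposal:
    encryption: str        # data encryption algorithm
    authentication: str    # data authentication (integrity) algorithm
    dh_group: int          # Diffie-Hellman key group
    mode: str = "tunnel"   # encapsulation mode

def negotiate(initiator, responder):
    """Return the first initiator proposal the responder also has, or None.

    Assumption: the initiator's preference order wins; real gateways differ.
    """
    configured = set(responder)
    for proposal in initiator:
        if proposal in configured:   # every field must match exactly
            return proposal
    return None

def mismatches(a, b):
    """Names of the fields on which two proposals disagree."""
    return [f.name for f in fields(a) if getattr(a, f.name) != getattr(b, f.name)]

def explain_failure(initiator, responder):
    """For each offered proposal, list the fields that differ from the
    responder's closest configured proposal (a troubleshooting aid)."""
    report = []
    for proposal in initiator:
        closest = min(responder, key=lambda r: len(mismatches(proposal, r)))
        report.append((proposal, mismatches(proposal, closest)))
    return report

# Constructed sample configurations. SITE_A's primary proposal is the one
# from the text (AES-256 / SHA-1 / DH group 5); the rest is invented.
SITE_A = [Proposal("aes-256", "sha1", 5), Proposal("aes-128", "sha1", 5)]
SITE_B = [Proposal("aes-128", "sha1", 5)]   # only matches A's fallback
SITE_C = [Proposal("aes-256", "sha1", 2)]   # DH group differs: no tunnel

if __name__ == "__main__":
    print("A<->B:", negotiate(SITE_A, SITE_B))
    print("A<->C:", negotiate(SITE_A, SITE_C))
    for offered, diff in explain_failure(SITE_A, SITE_C):
        print("  offered", offered, "differs on", diff)
```

Because the tunnel can come up on any Proposal in the list, the weakest fallback entry is the effective minimum security level of the gateway and should be reviewed as carefully as the primary one.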
