10. Use the Transform Policies page to configure the transform policies and to specify a transform set for the IPsec VPN policy. You can choose the default or a custom transform set.
11. Click Add to add a transform set.
Other options: To edit an entry, click Edit. To delete an entry, select it and click Delete. The default transform set (DefaultTrans) cannot be edited or deleted.
12. Enter the following information:
• Name: Enter the name for the transform set.
• Integrity: Choose the hash algorithm used to ensure data integrity. The hash algorithm ensures that a packet comes from where it says it comes from, and that it has not been modified in transit.
– ESP_SHA1_HMAC: Authentication with SHA1 (160-bit).
– ESP_MD5_HMAC: Authentication with MD5 (128-bit). MD5 has a smaller digest and is considered to be slightly faster than SHA1. A successful (but extremely difficult) attack against MD5 has occurred; however, the HMAC variant that IKE uses prevents this attack.
• Encryption: Choose the symmetric encryption algorithm that protects data transmission between two IPsec peers. The default is ESP_3DES. The Advanced Encryption Standard supports key lengths of 128, 192, 256 bits.
– ESP_3DES: Encryption with 3DES (168-bit).
– ESP_AES_128: Encryption with AES (128-bit).
– ESP_AES_192: Encryption with AES (192-bit).
– ESP_AES_256: Encryption with AES (256-bit).