Skip navigation
Login   |   Register
Cisco Learning Home > CCNP Security Study Group > Discussions
1760 Views 15 Replies Latest reply: Mar 19, 2012 7:15 AM by Keith Barker - CCIE RS/Security, CISSP RSS Go to original post 1 2 Previous Next

Currently Being Moderated
  • Keith Barker - CCIE RS/Security, CISSP 5,327 posts since
    Jul 3, 2009
    Currently Being Moderated
    15. Mar 19, 2012 7:15 AM (in response to Cristian)

    Cristian wrote:


    In my version of IOS, after completing the set-up of the IPSEC profile with a default transform set, the command:


    show crypto ipsec profile


    gave me the following:


    IPSEC profile NNNNN

              Security association lifetime: 4608000 kilobytes/3600 seconds

              PFS (Y/N): N

              Transform sets={



    Now, I wonder if this means "absence of a valid transform-set" or simply "use an (implicit) default trasnform-set".

    I am more for the first option, however the official cert guide says that creating a new ipsec profile is enough.

    Official documentation on makes you create a transform-set.


    Probably an issue of IOS version, I don't know.


    From now on, I will declare a transform-set.




    Hope to be helpful.






    I think the output reflects that there isn't a transform set, and that you need to create and assign one for the IKE phase 2 to work.  


    Keep up the good work.


    Best wishes,



    Join this discussion now: Login / Register


More Like This

  • Retrieving data ...

Bookmarked By (0)