Proposals or Transform Sets - Setup IPSec tunnel VPN Guide

 

 

Proposals / Transform Sets

A VPN proposal, or transform set, is a set of protocols and algorithms specified on a gateway to secure data. The three factors that make up a proposal or transform set are data encryption, data authentication and the encapsulation mode. A proposal/transform set is like a profile: a specific combination of protocols and algorithms that an end user may choose to use for their VPN/IPSec security parameters.

For example, for a VPN gateway at a bank with highly confidential data, I may want to use:

AES 256 bit for encryption,

SHA-1 for authentication,

Diffie-Hellman key group 5 for public key cryptography.

The above would be my proposal or transform set for a bank. I may name this proposal "High-Security" for my own reference. However, the peer device connecting to my bank must use exactly the same settings to successfully create a VPN tunnel. If a remote peer does not use the same settings, you can configure other proposals with alternative settings to fall back on. So you may specify your ideal protocols and algorithms in your first proposal, and below it a fallback proposal that is used if a remote peer has a different combination of protocols and algorithms specified as its proposal.

Another way to describe proposals or transform sets is to compare them to mobile phone profiles. Usually your outdoor profile would be on the highest volume, with constant ringing, keypad tone enabled and so on. To switch from silent to loud you would just select the profile named "Outdoor", and all the settings within this profile would be enabled. The same applies to my VPN profile "High-Security" mentioned above. I may use "High-Security" for a specific VPN connection, and whatever settings it holds in its proposal would be enabled for that VPN connection.
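The matching and fallback behaviour described above can be sketched in a few lines of Python. This is an added example, not code from this guide or from any VPN product. The `Proposal` fields, the `negotiate` function, the "Fallback" proposal and the peer lists are assumptions made for illustration, and real gateways differ in whose preference order wins.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


def _norm(value: str) -> str:
    # Normalise spelling so "Sha-1" and "SHA1" compare equal.
    return value.replace("-", "").replace(" ", "").upper()


@dataclass(frozen=True)
class Proposal:
    """One proposal / transform set (field names are illustrative)."""
    name: str            # local label only, e.g. "High-Security"
    encryption: str      # e.g. "AES-256"
    authentication: str  # e.g. "SHA-1"
    dh_group: int        # Diffie-Hellman key group
    mode: str            # encapsulation mode: "tunnel" or "transport"

    def settings(self) -> tuple:
        # The name is not compared; only the settings must match on both peers.
        return (_norm(self.encryption), _norm(self.authentication),
                self.dh_group, _norm(self.mode))


def negotiate(local: Sequence[Proposal],
              peer: Sequence[Proposal]) -> Optional[Proposal]:
    """Return the first local proposal (in preference order) whose
    settings the peer also offers, or None if nothing matches."""
    offered = {p.settings() for p in peer}
    for proposal in local:
        if proposal.settings() in offered:
            return proposal
    return None  # no common proposal: the tunnel cannot be created


# Constructed sample data: the bank gateway prefers "High-Security"
# and lists a hypothetical fallback proposal below it.
BANK = [
    Proposal("High-Security", "AES-256", "SHA-1", 5, "tunnel"),
    Proposal("Fallback", "AES-128", "SHA-1", 2, "tunnel"),
]
SAME_PEER = [Proposal("branch", "aes256", "sha1", 5, "Tunnel")]
OLD_PEER = [Proposal("legacy", "AES-128", "SHA-1", 2, "tunnel")]
BAD_PEER = [Proposal("mismatch", "AES-256", "MD5", 5, "tunnel")]

if __name__ == "__main__":
    for label, peer in [("same", SAME_PEER), ("old", OLD_PEER), ("bad", BAD_PEER)]:
        chosen = negotiate(BANK, peer)
        print(label, "->", chosen.name if chosen else "no common proposal")
```

Every fallback proposal is a combination the gateway will accept, so the weakest proposal in the list is the minimum protection a tunnel can end up with.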

Further Reading

Wikipedia's guide to IPSec