internal (Security IPsec)


internal {security-association {manual encryption {iked_encryption enabledalgorithm 3des-cbc;key ascii-text key;}}

Hierarchy Level

[edit security ipsec internal-security-association]

Release Information

Statement introduced in Junos OS Release 12.1X45-D10.

Support for iked_encryption option added in Junos OS Release 12.1X47-D15.


Enable secure login by configuring the internal IP security (IPsec) security association (SA). When the internal IPsec is configured, IPsec-based rlogin and remote command (rcmd) are enforced, so an attacker cannot gain unauthorized information.



Specify an IPsec SA.

manual encryption

Specify a manual SA.


Select the iked encryption option.


Specify the encryption algorithm for the internal Routing-Engine-to-Routing-Engine IPsec SA configuration.

Note: Only the 3des-cbc encryption algorithm is supported.


Specify the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Related Documentation