No index entries found.
Download This Guide
Related Documentation
- Dynamic VPN Overview
- Group VPN Overview
- IPsec VPN Overview
- Monitoring VPNs
encryption-algorithm (Security IKE)
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 8.5. Support for group-vpn hierarchies added in Junos OS Release 10.2. Support for aes-128-gcm and aes-256-gcm options added in Junos OS Release 12.3X48-D20.
Description
Configure an encryption algorithm for an IKE proposal.
 | Note: The device does not delete existing IPsec SAs when you update the encryption-algorithm configuration in the IKE proposal. |
Options
3des-cbc | — | Has a block size of 24 bytes; the key size is 192 bits long. |
aes-128-cbc | — | Advanced Encryption Standard (AES) 128-bit encryption algorithm. |
aes-128-gcm | — | AES 128-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, aes-128-gcm must be configured at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option must not be configured at the [edit security ike proposal proposal-name] hierarchy level. This option is not supported on Group VPN. |
aes-192-cbc | — | AES 192-bit encryption algorithm. |
aes-256-cbc | — | AES 256-bit encryption algorithm. |
aes-256-gcm | — | AES 256-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, aes-256-gcm must be configured at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option must not be configured at the [edit security ike proposal proposal-name] hierarchy level. This option is not supported on Group VPN. |
des-cbc | — | Has a block size of 8 bytes; the key size is 48 bits long. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Related Documentation
- Dynamic VPN Overview
- Group VPN Overview
- IPsec VPN Overview
- Monitoring VPNs
