Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

  • Dynamic VPN Overview
  • Group VPN Overview
  • IPsec VPN Overview
  • Monitoring VPNs

encryption-algorithm (Security IKE)

Syntax

encryption-algorithm (3des-cbc | aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-256-cbc | aes-256-gcm | des-cbc);

Hierarchy Level

[edit security group-vpn member ike proposal proposal-name][edit security group-vpn server ike proposal proposal-name][edit security ike proposal proposal-name]

Release Information

Statement introduced in Junos OS Release 8.5. Support for group-vpn hierarchies added in Junos OS Release 10.2. Support for aes-128-gcm and aes-256-gcm options added in Junos OS Release 12.3X48-D20.

Description

Configure an encryption algorithm for an IKE proposal.

Note: The device does not delete existing IPsec SAs when you update the encryption-algorithm configuration in the IKE proposal.

Options

3des-cbc

Has a block size of 24 bytes; the key size is 192 bits long.

aes-128-cbc

Advanced Encryption Standard (AES) 128-bit encryption algorithm.

aes-128-gcm

AES 128-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, aes-128-gcm must be configured at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option must not be configured at the [edit security ike proposal proposal-name] hierarchy level. This option is not supported on Group VPN.

aes-192-cbc

AES 192-bit encryption algorithm.

aes-256-cbc

AES 256-bit encryption algorithm.

aes-256-gcm

AES 256-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, aes-256-gcm must be configured at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option must not be configured at the [edit security ike proposal proposal-name] hierarchy level. This option is not supported on Group VPN.

des-cbc

Has a block size of 8 bytes; the key size is 48 bits long.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation

  • Dynamic VPN Overview
  • Group VPN Overview
  • IPsec VPN Overview
  • Monitoring VPNs

Modified: 2016-05-01