encryption-algorithm (Security IKE)
Syntax
encryption-algorithm (3des-cbc
| aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-256-cbc | aes-256-gcm
| des-cbc);
Hierarchy Level
[edit security ike proposal proposal-name]
Release Information
Statement introduced in Junos OS Release 8.5. Support for aes-128-gcm and aes-256-gcm options added in Junos OS Release 15.1X49-D40.
Starting in Junos OS Release 20.2R1, we’ve changed the help text description as NOT RECOMMENDED for the CLI options 3des-cbc and des-cbc.
Description
Configure an encryption algorithm for an IKE proposal. The device does not delete existing IPsec SAs when you update the encryption-algorithm configuration in the IKE proposal.
Options
3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long.
aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
aes-128-gcm—AES 128-bit authenticated encryption algorithm supported with IKEv2
only. When this option is used, aes-128-gcm should be configured
at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option should not be configured at the [edit security ike proposal proposal-name] hierarchy level.
When aes-128-gcm or aes-256-gcm encryption algorithms are configured in the IPsec proposal, it is not mandatory to configure AES-GCM encryption algorithm in the corresponding IKE proposal.
aes-192-cbc—AES 192-bit encryption algorithm.
aes-256-cbc—AES 256-bit encryption algorithm.
aes-256-gcm—AES 256-bit authenticated encryption algorithm supported with IKEv2
only. When this option is used, aes-256-gcm should be configured
at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option should not be configured at the [edit security ike proposal proposal-name] hierarchy level.
des-cbc—Has a block size of 8 bytes; the key size is 48 bits long.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.