[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring the Encryption Algorithm and Key

To configure IPSec encryption, include the encryption statement and specify an algorithm and key at the [edit security ipsec security-association sa-name manual direction (inbound | outbound | bi-directional)] hierarchy level:



[edit security ipsec security-association sa-name manual direction (inbound | outbound | bi-directional)]

encryption {
algorithm (des-cbc | 3des-cbc); 
key (ascii-text key | hexadecimal key);
}

The algorithm can be one of the following:

des-cbc—Encryption algorithm that has a block size of 8 bytes; its key size is 64 bits long.

3des-cbc—Encryption algorithm that has a block size of 24 bytes; its key size is 192 bits long.

Note: For a list of Data Encryption Standard (DES) encryption algorithm weak and semiweak keys, see RFC 2409. For 3des-cbc, we recommend that the first 8 bytes not be the same as the second 8 bytes, and that the second 8 bytes be the same as the third 8 bytes.

The key can be one of the following:

ascii-text—ASCII text key. With the des-cbc option, the key contains 8 ASCII characters. With the 3des-cbc option, the key contains 24 ASCII characters.
hexadecimal—Hexadecimal key. With the des-cbc option, the key contains 16 hexadecimal characters. With the 3des-cbc option, the key contains 48 hexadecimal characters.

Note: You cannot configure encryption when you use the AH protocol.

[Contents] [Prev] [Next] [Index] [Report an Error]