[Contents][Prev][Next][Index][Report an Error]

Configuring an IKE Encryption Algorithm

To configure an IKE encryption algorithm, include the encryption-algorithm statement at the [edit services ipsec-vpn ike proposal proposal-name] hierarchy level:




encryption-algorithm algorithm;

The encryption algorithm can be one of the following:

3des-cbc—Cipher block chaining encryption algorithm with a key size of 24 bytes; its key size is 192 bits long.
des-cbc—Cipher block chaining encryption algorithm with a key size of 8 bytes; its key size is 56 bits long.
aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
aes-192-cbc—Advanced Encryption Standard (AES) 192-bit encryption algorithm.
aes-256-cbc—Advanced Encryption Standard (AES) 256-bit encryption algorithm.

Note: For a list of Data Encryption Standard (DES) encryption algorithm weak and semiweak keys, see RFC 2409, The Internet Key Exchange (IKE). The AES encryption algorithms use a software implementation that has much lower throughput, so DES remains the recommended option.

For 3des-cbc, the first 8 bytes should differ from the second 8 bytes, and the second 8 bytes should be the same as the third 8 bytes.

If you configure an authentication proposal but do not include the encryption statement, the result is NULL encryption. Certain applications expect this result. If you configure no specific authentication or encryption values, the JUNOS software uses the default values of sha1 for the authentication and 3des-cbc for the encryption.

[Contents][Prev][Next][Index][Report an Error]