Technical Documentation

encryption

Syntax

encryption {
    algorithm algorithm;
    key (ascii-text key | hexadecimal key);
}

Hierarchy Level

[edit services ipsec-vpn rule rule-name term term-name then manual direction direction]

Release Information

Statement introduced before JUNOS Release 7.4.

aes-128-cbc, aes-192-cbc, and aes-256-cbc options added in JUNOS Release 7.6.

Description

Configure an encryption algorithm and key for a manual security association (SA).

Options

algorithm—Type of encryption algorithm. The algorithm can be one of the following:

  • des-cbc—Has a block size of 8 bytes (64 bits); the key size is 48 bits long.
  • 3des-cbc—Has a block size of 8 bytes (64 bits); the key size is 192 bits long.
  • aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
  • aes-192-cbc—Advanced Encryption Standard (AES) 192-bit encryption algorithm.
  • aes-256-cbc—Advanced Encryption Standard (AES) 256-bit encryption algorithm.

    Note: For 3des-cbc, the first 8 bytes should differ from the second 8 bytes, and the second 8 bytes should be the same as the third 8 bytes.

key—Type of encryption key. The key can be one of the following:

  • ascii-text—ASCII text key. Following are the key lengths, in ASCII characters, for the different encryption options:
    • des-cbc option, 8 ASCII characters
    • 3des-cbc option, 24 ASCII characters
    • aes-128-cbc option, 16 ASCII characters
    • aes-192-cbc option, 24 ASCII characters
    • aes-256-cbc option, 32 ASCII characters
  • hexadecimal—Hexadecimal key. Following are the key lengths, in hexadecimal characters, for the different encryption options:
    • des-cbc option, 16 hexadecimal characters
    • 3des-cbc option, 48 hexadecimal characters
    • aes-128-cbc option, 32 hexadecimal characters
    • aes-192-cbc option, 48 hexadecimal characters
    • aes-256-cbc option, 64 hexadecimal characters
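
The key lengths listed above can be checked before a key is committed to the configuration. The following Python sketch is an added example, not Juniper code: check_key and keyspace_bits are hypothetical helper names, the sample keys are constructed, ascii-text keys are assumed to be limited to the 95 printable ASCII characters, and the 3des-cbc note on byte groups is not checked.

```python
import math
import string

# Key size in bytes per algorithm, taken from the ascii-text list above
# (one ASCII character per byte; hexadecimal keys use two characters per byte).
KEY_BYTES = {
    "des-cbc": 8,
    "3des-cbc": 24,
    "aes-128-cbc": 16,
    "aes-192-cbc": 24,
    "aes-256-cbc": 32,
}
# Assumption: ascii-text keys use only the 95 printable ASCII characters.
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def check_key(algorithm, key_type, key):
    """Return a list of problems; an empty list means the key fits the lengths above."""
    if algorithm not in KEY_BYTES:
        return [f"unknown algorithm: {algorithm}"]
    if key_type not in ("ascii-text", "hexadecimal"):
        return [f"unknown key type: {key_type}"]
    size = KEY_BYTES[algorithm]
    expected = size if key_type == "ascii-text" else 2 * size
    allowed = PRINTABLE if key_type == "ascii-text" else set(string.hexdigits)
    problems = []
    if len(key) != expected:
        problems.append(f"{algorithm} needs {expected} {key_type} characters, got {len(key)}")
    if any(ch not in allowed for ch in key):
        problems.append(f"key contains characters that are not valid {key_type}")
    return problems


def keyspace_bits(algorithm, key_type):
    """log2 of the number of distinct key strings of this type (not cipher strength)."""
    per_byte = math.log2(len(PRINTABLE)) if key_type == "ascii-text" else 8.0
    return KEY_BYTES[algorithm] * per_byte


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    print(check_key("aes-256-cbc", "hexadecimal", "0f" * 32))
    print(check_key("aes-128-cbc", "ascii-text", "too-short"))
    for kt in ("ascii-text", "hexadecimal"):
        print(kt, round(keyspace_bits("aes-128-cbc", kt), 1))
```

Under the printable-ASCII assumption, a 16-character ascii-text key for aes-128-cbc can express about 105 bits, against 128 bits for a 32-character hexadecimal key, so a randomly generated hexadecimal key is the form that uses the full key size.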

Usage Guidelines

See Configuring Encryption for a Manual IPsec SA.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.


Published: 2010-04-28