Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


internal (Security IPsec)


Hierarchy Level


Enable secure login and to prevent attackers from gaining privileged access through this control port by configuring the internal IP security (IPsec) security association (SA).

When the internal IPsec is configured, IPsec-based rlogin and remote command (rcmd) are enforced, so an attacker cannot gain unauthorized information.



Specify an IPsec SA. An SA is a simplex connection that allows two hosts to communicate with each other securely by means of IPsec.

manual encryption

Specify a manual SA. Manual SAs require no negotiation; all values, including the keys, are static and specified in the configuration.

algorithm 3des-cbc

Specify the encryption algorithm for the internal Routing-Engine-to-Routing-Engine IPsec SA configuration.

algorithm aes-128-cbc

Specify the encryption algorithm for high availability encryption link.


Enable encryption for internal messages.

  • Values:

    • enable—Enable HA link encryption IKE internal messages

key ascii-text

Specify the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X45-D10.

Support for ike-ha-link-encryption option added in Junos OS Release 12.1X47-D15.

Support for iked_encryption option added in Junos OS Release 12.1X47-D10.

Support for aes-128-cbc option added in Junos OS Release 19.1R1.

Support for ike-ha-link-encryption option added for vSRX in Junos OS Release 19.4R1