encryption-algorithm (Security IKE)

Syntax

Hierarchy Level

Description

Configure an encryption algorithm for an IKE proposal. The device does not delete existing IPsec SAs when you update the encryption-algorithm configuration in the IKE proposal.

Options

`3des-cbc`	Has a block size of 24 bytes; the key size is 192 bits long.
`aes-128-cbc`	Advanced Encryption Standard (AES) 128-bit encryption algorithm.
`aes-128-gcm`	AES 128-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, `aes-128-gcm` should be configured at the [`edit security ipsec proposal proposal-name`] hierarchy level, and the `authentication-algorithm` option should not be configured at the [`edit security ike proposal proposal-name`] hierarchy level. When `aes-128-gcm` or `aes-256-gcm` encryption algorithms are configured in the IPsec proposal, it is not mandatory to configure AES-GCM encryption algorithm in the corresponding IKE proposal.
`aes-192-cbc`	AES 192-bit encryption algorithm.
`aes-256-cbc`	AES 256-bit encryption algorithm.
`aes-256-gcm`	AES 256-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, `aes-256-gcm` should be configured at the [`edit security ipsec proposal proposal-name`] hierarchy level, and the `authentication-algorithm` option should not be configured at the [`edit security ike proposal proposal-name`] hierarchy level. Note: Integrity cannot be set with AES-GCM encryption algorithm.
`des-cbc`	Has a block size of 8 bytes; the key size is 48 bits long.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support for aes-128-gcm and aes-256-gcm options added in Junos OS Release 15.1X49-D40.

Starting in Junos OS Release 20.2R1, we’ve changed the help text description as NOT RECOMMENDED for the CLI options 3des-cbc and des-cbc.

ON THIS PAGE