The encryption-algorithm command specifies an encryption algorithm for an IKE proposal.
The undo encryption-algorithm command restores the default setting.
By default, 256-bit AES-CBC is used as the encryption algorithm.
This command is supported only on the NetEngine 8000 F1A.
Parameter | Description | Value |
---|---|---|
3des-cbc | Specifies the 192-bit 3DES-CBC encryption algorithm for an IKE proposal. The 3DES encryption algorithm has low security, which may bring security risks. If the protocol allows, using a more secure encryption algorithm, such as AES, is recommended. | - |
aes-cbc | Specifies the AES-CBC encryption algorithm for an IKE proposal. Three key lengths are available, providing different levels of security protection. | The available options are 128, 192, and 256, indicating that the AES key length can be 128 bits, 192 bits, and 256 bits respectively. By default, the AES key length is 256 bits. |
128 | Specifies the key length of 128 bits. | - |
192 | Specifies the key length of 192 bits. | - |
256 | Specifies the key length of 256 bits. | - |
des-cbc | Specifies the 64-bit DES-CBC encryption algorithm for an IKE proposal. The DES encryption algorithm has low security, which may bring security risks. If the protocol allows, using a more secure encryption algorithm, such as AES, is recommended. | - |
aes-gcm-128 | Specifies the AES-GCM-128 encryption algorithm for an IKE proposal. Three key lengths are available, providing different levels of security protection. | The available options are 128, 192, and 256, indicating that the AES key length can be 128 bits, 192 bits, and 256 bits respectively. |
To improve system security, using the DES-CBC or 3DES-CBC encryption algorithm for IKE negotiation is not recommended.
After the aes-gcm-128 { 128 | 192 | 256 } parameter is configured in the encryption-algorithm command, the integrity mechanism configured using the integrity-algorithm command fails.
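The following audit script is an added example, not part of the original command reference. It scans a saved configuration for the three conditions this page describes: DES-CBC or 3DES-CBC in an IKE proposal, an integrity-algorithm setting alongside aes-gcm-128, and proposals that rely on the 256-bit AES-CBC default. The stanza layout (`ike proposal <n>` header, indented settings, `#` terminator) and the sample configuration are assumptions constructed for illustration.

```python
# Constructed sample, not from a real device; the stanza layout is an assumption.
SAMPLE_CONFIG = """\
ike proposal 1
 encryption-algorithm des-cbc
#
ike proposal 2
 encryption-algorithm 3des-cbc
#
ike proposal 3
 encryption-algorithm aes-gcm-128 256
 integrity-algorithm hmac-sha2-256
#
ike proposal 4
 encryption-algorithm aes-cbc 128
#
ike proposal 5
#
"""
WEAK = {"des-cbc", "3des-cbc"}  # both discouraged for IKE negotiation on this page

def parse_proposals(text):
    """Map proposal id -> {"enc": argument list or None, "integrity": bool}."""
    proposals, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["ike", "proposal"] and len(words) == 3:
            current = proposals.setdefault(words[2], {"enc": None, "integrity": False})
        elif not raw[0].isspace():
            current = None  # any other unindented line closes the stanza
        elif current is not None and words[0] == "encryption-algorithm":
            current["enc"] = words[1:]
        elif current is not None and words[0] == "integrity-algorithm":
            current["integrity"] = True
    return proposals

def audit(text):
    """Return sorted (proposal id, finding) tuples for the settings the page flags."""
    findings = []
    for pid, p in parse_proposals(text).items():
        algo = p["enc"][0] if p["enc"] else None
        if p["enc"] is None:
            findings.append((pid, "no encryption-algorithm line: default aes-cbc 256"))
        elif algo in WEAK:
            findings.append((pid, f"weak algorithm: {algo}"))
        elif algo == "aes-gcm-128" and p["integrity"]:
            findings.append((pid, "integrity-algorithm fails with aes-gcm-128"))
    return sorted(findings)
```

Proposal 4 in the sample (aes-cbc 128) produces no finding, since the page does not flag it.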