encryption-algorithm (Security IKE)
Syntax
encryption-algorithm (3des-cbc | aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-256-cbc | aes-256-gcm | chacha20-poly1305 | des-cbc);
Hierarchy Level
[edit security ike proposal proposal-name]
Description
Configure an encryption algorithm for an IKE proposal. The device does not delete existing IPsec SAs when you update the encryption-algorithm configuration in the IKE proposal.
Options
3des-cbc | Has a block size of 24 bytes; the key size is 192 bits long.
aes-128-cbc | Advanced Encryption Standard (AES) 128-bit encryption algorithm.
aes-128-gcm | AES 128-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, When
aes-192-cbc | AES 192-bit encryption algorithm.
aes-256-cbc | AES 256-bit encryption algorithm.
aes-256-gcm | AES 256-bit authenticated encryption algorithm supported with IKEv2 only. When this option is used, Note: Integrity cannot be set with AES-GCM encryption algorithm.
chacha20-poly1305 | Chacha20-Poly1305 authenticated encryption algorithm. On the supported devices, you can use the algorithm with IKEv2 only for control plane security. Note that you cannot use the algorithm on SRX1500 Firewalls.
des-cbc | Has a block size of 8 bytes; the key size is 48 bits long.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Support for aes-128-gcm and aes-256-gcm options added in Junos OS Release 15.1X49-D40.
Starting in Junos OS Release 20.2R1, we’ve changed the help text description to NOT RECOMMENDED for the CLI options 3des-cbc and des-cbc for devices running IKED with the junos-ike package installed.
Support for the chacha20-poly1305 option added to SRX1600, SRX2300, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0 in Junos OS Release 24.2R1.
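A check for the two points above (the NOT RECOMMENDED options and the AES-GCM integrity restriction), run over set-format configuration. This is an added example, not Juniper's code. It assumes `set`-style configuration output and the sibling authentication-algorithm statement at the same hierarchy level; the proposal names and sample configuration are constructed.

```python
import re

# Options whose help text is NOT RECOMMENDED per the Release Information above.
NOT_RECOMMENDED = {"3des-cbc", "des-cbc"}
# AES-GCM options: the Options table says integrity cannot be set with them.
AES_GCM = {"aes-128-gcm", "aes-256-gcm"}

# Matches set-format lines under [edit security ike proposal proposal-name].
LINE_RE = re.compile(
    r"^\s*set\s+security\s+ike\s+proposal\s+(\S+)\s+"
    r"(encryption-algorithm|authentication-algorithm)\s+(\S+)\s*$"
)

def audit_ike_proposals(config_text):
    """Return sorted (proposal, finding) tuples for a set-format config."""
    proposals = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, statement, value = m.groups()
            proposals.setdefault(name, {})[statement] = value
    findings = []
    for name, stmts in proposals.items():
        enc = stmts.get("encryption-algorithm")
        if enc in NOT_RECOMMENDED:
            findings.append((name, f"{enc} is NOT RECOMMENDED"))
        # Assumption: integrity is configured via authentication-algorithm.
        if enc in AES_GCM and "authentication-algorithm" in stmts:
            findings.append((name, f"integrity cannot be set with {enc}"))
    return sorted(findings)

# Constructed sample configuration (proposal names are made up).
SAMPLE = """\
set security ike proposal LEGACY-P1 encryption-algorithm 3des-cbc
set security ike proposal LEGACY-P1 authentication-algorithm sha1
set security ike proposal MIXED-P1 encryption-algorithm aes-256-gcm
set security ike proposal MIXED-P1 authentication-algorithm sha-256
set security ike proposal GOOD-P1 encryption-algorithm aes-256-gcm
set security ike proposal GOOD-P1 dh-group group20
set security ike proposal BRANCH-P1 encryption-algorithm des-cbc
"""

if __name__ == "__main__":
    for proposal, finding in audit_ike_proposals(SAMPLE):
        print(f"{proposal}: {finding}")
```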