encryption-algorithm (Security)
Syntax
encryption-algorithm (3des-cbc | des-cbc | aes-128-cbc | aes-128-gcm | aes-192-cbc | aes-256-cbc | aes-256-gcm);
Hierarchy Level
[edit security ike proposal ike-proposal-name], [edit security ipsec proposal ipsec-proposal-name]
Description
Configure an IKE or IPsec encryption algorithm. Two algorithms are supported: Cipher Block Chaining (CBC) and Galois/Counter Mode (GCM). CBC is older than GCM and is less secure. GCM is considered more secure than CBC since it provides built-in authentication and integrity checks. GCM is also more efficient for parallel processing, which can result in better performance for larger datasets.
Options
-
3des-cbc—Encryption algorithm with key size of 24 bytes; its key size is 192 bits long. -
des-cbc—Encryption algorithm with key size of 8 bytes; its key size is 48 bits long. -
aes-128-cbc—Advanced encryption algorithm that has a key size of 16 bytes; its key size is 128 bits long. -
aes-128-gcm—AES GCM 128-bit encryption algorithm. -
aes-192-cbc—Advanced encryption algorithm that has a key size of 24 bytes; its key size is 192 bits long. -
aes-256-cbc—Advanced encryption algorithm that has a key size of 32 bytes; its key size is 256 bits long. -
aes-256-gcm—AES GCM 256-bit encryption algorithm. For an IKE proposal, AES 256-bit authenticated encryption algorithm is supported with IKEv2 only. When this option is used, aes-256-gcm should be configured at the [edit security ipsec proposal proposal-name] hierarchy level, and the authentication-algorithm option should not be configured at the [edit security ike proposal proposal-name] hierarchy level.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.