encryption-algorithm
Use encryption-algorithm to specify an encryption algorithm for an IKE proposal.
Use undo encryption-algorithm to restore the default.
Syntax
In non-FIPS mode:
encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc }
undo encryption-algorithm
In FIPS mode:
encryption-algorithm { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 }
undo encryption-algorithm
Default
In non-FIPS mode, an IKE proposal uses the 56-bit DES encryption algorithm in CBC mode.
In FIPS mode, an IKE proposal uses the 128-bit AES encryption algorithm in CBC mode.
Views
IKE proposal view
Predefined user roles
network-admin
mdc-admin
Parameters
3des-cbc: Specifies the 3DES algorithm in CBC mode. The 3DES algorithm uses a 168-bit key for encryption.
aes-cbc-128: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 128-bit key for encryption.
aes-cbc-192: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 192-bit key for encryption.
aes-cbc-256: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 256-bit key for encryption.
des-cbc: Specifies the DES algorithm in CBC mode. The DES algorithm uses a 56-bit key for encryption.
Examples
# Use the 128-bit AES algorithm in CBC mode as the encryption algorithm for IKE proposal 1.
<Sysname> system-view [Sysname] ike proposal 1 [Sysname-ike-proposal-1] encryption-algorithm aes-cbc-128
Related commands
display ike proposal