encryption-algorithm

Use encryption-algorithm to specify an encryption algorithm for an IKE proposal.

Use undo encryption-algorithm to restore the default.

Syntax

In non-FIPS mode:

encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc }

undo encryption-algorithm

In FIPS mode:

encryption-algorithm { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 }

undo encryption-algorithm

Default

In non-FIPS mode, an IKE proposal uses the 56-bit DES encryption algorithm in CBC mode.

In FIPS mode, an IKE proposal uses the 128-bit AES encryption algorithm in CBC mode.

Views

IKE proposal view

Predefined user roles

network-admin

mdc-admin

Parameters

3des-cbc: Specifies the 3DES algorithm in CBC mode. The 3DES algorithm uses a 168-bit key for encryption.

aes-cbc-128: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 128-bit key for encryption.

aes-cbc-192: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 192-bit key for encryption.

aes-cbc-256: Specifies the AES algorithm in CBC mode. The AES algorithm uses a 256-bit key for encryption.

des-cbc: Specifies the DES algorithm in CBC mode. The DES algorithm uses a 56-bit key for encryption.

Examples

# Use the 128-bit AES algorithm in CBC mode as the encryption algorithm for IKE proposal 1.

<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] encryption-algorithm aes-cbc-128

Related commands

display ike proposal