encryption
Use encryption to specify encryption algorithms for an IKEv2 proposal.
Use undo encryption to restore the default.
Syntax
In non-FIPS mode:
encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
undo encryption
In FIPS mode:
encryption { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 } *
undo encryption
Default
No encryption algorithm is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
Predefined user roles
network-admin
mdc-admin
Parameters
3des-cbc: Specifies the 3DES algorithm in CBC mode, which uses a 168-bit key.
aes-cbc-128: Specifies the AES algorithm in CBC mode, which uses a 128-bit key.
aes-cbc-192: Specifies the AES algorithm in CBC mode, which uses a 192-bit key.
aes-cbc-256: Specifies the AES algorithm in CBC mode, which uses a 256-bit key.
aes-ctr-128: Specifies the AES algorithm in CTR mode, which uses a 128-bit key.
aes-ctr-192: Specifies the AES algorithm in CTR mode, which uses a 192-bit key.
aes-ctr-256: Specifies the AES algorithm in CTR mode, which uses a 256-bit key.
camellia-cbc-128: Specifies the Camellia algorithm in CBC mode, which uses a 128-bit key.
camellia-cbc-192: Specifies the Camellia algorithm in CBC mode, which uses a 192-bit key.
camellia-cbc-256: Specifies the Camellia algorithm in CBC mode, which uses a 256-bit key.
des-cbc: Specifies the DES algorithm in CBC mode, which uses a 56-bit key.
Usage guidelines
You must specify a minimum of one encryption algorithm for an IKEv2 proposal. Otherwise, the proposal is incomplete and useless. You can specify multiple encryption algorithms for an IKEv2 proposal. An algorithm specified earlier has a higher priority.
Examples
# Specify the 168-bit 3DES algorithm in CBC mode as the encryption algorithm for IKE proposal prop1.
<Sysname> system-view [Sysname] ikev2 proposal prop1 [Sysname-ikev2-proposal-prop1] encryption 3des-cbc
Related commands
ikev2 proposal