Cisco Cisco Packet Data Gateway (PDG)
encryption
Configures the appropriate encryption algorithm and encryption key length for the IKEv2 IKE security
association. AES-CBC-128 is the default.
association. AES-CBC-128 is the default.
Product
ePDG
PDIF
Privilege
Security Administrator, Administrator
Command Modes
Exec > Global Configuration > Context Configuration > IKEv2 Security Association Configuration
configure > context context_name > ikev2-ikesa transform-set set_name
Entering the above command sequence results in the following prompt:
[
context_name
]
host_name
(cfg-ctx-ikev2ikesa-tran-set)#
Syntax Description
encryption { 3des-cbc | aes-cbc-128 | aes-cbc-256 | des-cbc | null }
default encryption
default encryption
3des-cbc
Data Encryption Standard Cipher Block Chaining encryption applied to the message three times using three
different cypher keys (triple DES).
different cypher keys (triple DES).
aes-cbc-128
Advanced Encryption Standard Cipher Block Chaining with a key length of 128 bits.
aes-cbc-256
Advanced Encryption Standard Cipher Block Chaining with a key length of 256 bits.
des-cbc
Data Encryption Standard Cipher Block Chaining. Encryption using a 56-bit key size. Relatively insecure.
null
Configures no IKEv2 IKE Security Association Encryption Algorithm. All IKEv2 IPsec Child Security
Association protected traffic will be sent in the clear.
Association protected traffic will be sent in the clear.
Command Line Interface Reference, Modes I - Q, StarOS Release 19
13
IKEv2 Security Association Configuration Mode Commands
encryption