Cisco Packet Data Gateway (PDG)
IKEv2 Security Association Configuration Mode Commands
Command Line Interface Reference, StarOS Release 17
encryption
Configures the appropriate encryption algorithm and encryption key length for the IKEv2 IKE security association.
AES-CBC-128 is the default.
Product
ePDG
PDIF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > IKEv2 Security Association Configuration
configure > context context_name > ikev2-ikesa transform-set set_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-ctx-ikev2ikesa-tran-set)#
Syntax
encryption { 3des-cbc | aes-cbc-128 | aes-cbc-256 | des-cbc | null }
default encryption
3des-cbc
Data Encryption Standard Cipher Block Chaining encryption applied to the message three times using three
different cipher keys (triple DES).
aes-cbc-128
Advanced Encryption Standard Cipher Block Chaining with a key length of 128 bits.
aes-cbc-256
Advanced Encryption Standard Cipher Block Chaining with a key length of 256 bits.
des-cbc
Data Encryption Standard Cipher Block Chaining. Encryption using a 56-bit key size. Relatively insecure.
null
Configures no IKEv2 IKE Security Association Encryption Algorithm. All IKEv2 IPsec Child Security
Association protected traffic will be sent in the clear.
Usage
IKEv2 requires a confidentiality algorithm to be applied in order to work.
In cipher block cryptography, the plaintext is broken into blocks usually of 64 or 128 bits in length. In cipher
block chaining (CBC) each encrypted block is chained into the next block of plaintext to be encrypted. A
randomly-generated vector is applied to the first block of plaintext in lieu of an encrypted block. CBC
provides confidentiality, but not message integrity.
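The following is an added example, not part of the Cisco reference: a Python check that reads saved configuration text and reports the effective IKEv2 IKE SA encryption algorithm for each transform set, flagging des-cbc and null and treating a missing encryption line or "default encryption" as aes-cbc-128. The context and transform-set names in the sample, and the "exit", "#exit" and "end" block terminators, are assumptions.

```python
import re

# Keywords and the default come from the Syntax section of this command reference.
DEFAULT_ALG = "aes-cbc-128"
KNOWN = {"3des-cbc", "aes-cbc-128", "aes-cbc-256", "des-cbc", "null"}
FINDINGS = {"des-cbc": "56-bit key, relatively insecure",
            "null": "no encryption algorithm configured"}
CTX_RE = re.compile(r"^context\s+(\S+)$")
SET_RE = re.compile(r"^ikev2-ikesa\s+transform-set\s+(\S+)$")
ENC_RE = re.compile(r"^(default\s+)?encryption(?:\s+(\S+))?$")

# Constructed sample; context and set names are made up, "#exit" is an assumption.
SAMPLE = """\
  context epdg-ctx
    ikev2-ikesa transform-set ts-strong
      encryption aes-cbc-256
    #exit
    ikev2-ikesa transform-set ts-legacy
      encryption des-cbc
    #exit
    ikev2-ikesa transform-set ts-implicit
    #exit
    ikev2-ikesa transform-set ts-clear
      encryption null
    #exit
  #exit
"""

def audit(config_text):
    """Return [(context, set_name, algorithm, finding_or_None), ...].
    A set with no encryption line, or with "default encryption", uses DEFAULT_ALG."""
    results, context, current = [], None, None
    for raw in config_text.splitlines() + ["end"]:  # sentinel closes the last set
        line = raw.strip()
        ctx, new_set = CTX_RE.match(line), SET_RE.match(line)
        if current and (ctx or new_set or line in ("exit", "#exit", "end")):
            finding = FINDINGS.get(current[2]) if current[2] in KNOWN else "unrecognised keyword"
            results.append((*current, finding))
            current = None
        if ctx:
            context = ctx.group(1)
        elif new_set:
            current = [context, new_set.group(1), DEFAULT_ALG]
        elif current and (m := ENC_RE.match(line)):
            current[2] = DEFAULT_ALG if m.group(1) else (m.group(2) or "").lower()
    return results

if __name__ == "__main__":
    for ctx, name, alg, finding in audit(SAMPLE):
        print(f"{ctx}/{name}: {alg} -> {finding or 'ok'}")
```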