Cisco Packet Data Gateway (PDG)
IPSec Transform Set Configuration Mode Commands
encryption
Command Line Interface Reference, StarOS Release 17
Usage
In cipher block cryptography, the plaintext is broken into blocks, usually 64 or 128 bits in length. In cipher
block chaining (CBC), each encrypted block is chained into the next block of plaintext to be encrypted. A
randomly generated vector is applied to the first block of plaintext in lieu of an encrypted block. CBC
provides confidentiality, but not message integrity.
Because RFC 4307 calls for interoperability between IPsec and IKEv2, the IKEv2 confidentiality algorithms
must be the same as those configured for IPsec in order for there to be an acceptable match during the IKE
message exchange. In IKEv2, there is no NULL option.
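The chaining and the missing integrity protection described above, shown as an added example that is not part of the Cisco reference. A toy Feistel block cipher stands in for AES, padding is omitted, and the HMAC-SHA-256 wrapper and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # 128-bit blocks, the AES block size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def toy_encrypt_block(key, block):
    # Stand-in 4-round Feistel cipher (assumption for this example): NOT AES, not secure.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("padding is omitted: length must be a multiple of BLOCK")
    prev, out = iv, []  # the IV takes the place of a previous block for block 1
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)  # no error is raised if the ciphertext was altered

def protect(enc_key, mac_key, plaintext):
    iv = os.urandom(BLOCK)  # fresh random IV per message
    ct = cbc_encrypt(enc_key, iv, plaintext)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def verify_and_decrypt(enc_key, mac_key, iv, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return cbc_decrypt(enc_key, iv, ct)
```

cbc_decrypt alone accepts an altered ciphertext and returns changed plaintext without complaint; verify_and_decrypt rejects it before decryption, which is why CBC is paired with a separate integrity algorithm.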
Example
The following command configures the encryption to be the default aes-cbc-128:
default encryption