для Cisco Cisco Packet Data Gateway (PDG)
USE OF THIS ALGORITHM FOR IKE_SA ENCRYPTION IS A VIOLATION OF RFC 4306. THIS
ALGORITHM SHOULD ONLY BE USED FOR TESTING PURPOSES.
ALGORITHM SHOULD ONLY BE USED FOR TESTING PURPOSES.
Note
Usage Guidelines
IKEv2 requires a confidentiality algorithm to be applied in order to work.
In cipher block cryptography, the plaintext is broken into blocks usually of 64 or 128 bits in length. In cipher
block chaining (CBC) each encrypted block is chained into the next block of plaintext to be encrypted. A
randomly-generated vector is applied to the first block of plaintext in lieu of an encrypted block. CBC provides
confidentiality, but not message integrity.
block chaining (CBC) each encrypted block is chained into the next block of plaintext to be encrypted. A
randomly-generated vector is applied to the first block of plaintext in lieu of an encrypted block. CBC provides
confidentiality, but not message integrity.
Because RFC 4307 calls for interoperability between IPSec and IKEv2, the IKEv2 confidentiality algorithms
must be the same as those configured for IPSec in order for there to be an acceptable match during the IKE
message exchange. Because of RFC4307, in IKEv2, there is no viable NULL option, it is available for testing
only.
must be the same as those configured for IPSec in order for there to be an acceptable match during the IKE
message exchange. Because of RFC4307, in IKEv2, there is no viable NULL option, it is available for testing
only.
Examples
The following command configures the encryption to be aes-cbc-128:
encryption aes-cbc-128
encryption aes-cbc-128
Command Line Interface Reference, Modes I - Q, StarOS Release 19
14
IKEv2 Security Association Configuration Mode Commands
encryption