Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
: Specifies the 3DES algorithm in CBC mode, which uses a 168-bit key.
3des-cbc
aes-cbc-128
aes-cbc-192
aes-cbc-256
aes-ctr-128
is available only for IKEv2.
aes-ctr-192
is available only for IKEv2.
aes-ctr-256
is available only for IKEv2.
camellia-cbc-128
This keyword is available only for IKEv2.
camellia-cbc-192
This keyword is available only for IKEv2.
camellia-cbc-256
This keyword is available only for IKEv2.
des-cbc
: Specifies the DES algorithm in CBC mode, which uses a 64-bit key.
: Specifies the GMAC algorithm, which uses a 128-bit key. This keyword is available only
gmac-128
for IKEv2.
: Specifies the GMAC algorithm, which uses a 192-bit key. This keyword is available only
gmac-192
for IKEv2.
: Specifies the GMAC algorithm, which uses a 256-bit key. This keyword is available only
gmac-256
for IKEv2.
: Specifies the GCM algorithm, which uses a 128-bit key. This keyword is available only for
gcm-128
IKEv2.
: Specifies the GCM algorithm, which uses a 192-bit key. This keyword is available only for
gcm-192
IKEv2.
: Specifies the GCM algorithm, which uses a 256-bit key. This keyword is available only for
gcm-256
IKEv2.
: Specifies the NULL algorithm, which means encryption is not performed.
null
Usage guidelines
You can specify multiple ESP encryption algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP encryption algorithm takes effect.
To make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at
both ends of the tunnel must have the same first ESP encryption algorithm.
GCM and GMAC algorithms are combined mode algorithms. GCM algorithms provide encryption
and authentication services. GMAC algorithms only provide authentication service. Combined mode
algorithms can be used only when ESP is used alone without AH. Combined mode algorithms
cannot be used together with ordinary ESP authentication algorithms.
: Specifies the AES algorithm in CBC mode, which uses a 128-bit key.
: Specifies the AES algorithm in CBC mode, which uses a 192-bit key.
: Specifies the AES algorithm in CBC mode, which uses a 256-bit key.
: Specifies the AES algorithm in CTR mode, which uses a 128-bit key. This keyword
: Specifies the AES algorithm in CTR mode, which uses a 192-bit key. This keyword
: Specifies the AES algorithm in CTR mode, which uses a 256-bit key. This keyword
: Specifies the Camellia algorithm in CBC mode, which uses a 128-bit key.
: Specifies the Camellia algorithm in CBC mode, which uses a 192-bit key.
: Specifies the Camellia algorithm in CBC mode, which uses a 256-bit key.
25
Advertisement
Chapters
Table of Contents
