R2511-HP MSR Router Series Security Command Reference(V5)
250
Default
In FIPS mode, DES-CBC and 3DES-CBC are not supported, and an IKE proposal uses the 128-bit AES
algorithm in CBC mode for encryption.
In non-FIPS mode, an IKE proposal uses the 56-bit DES algorithm in CBC mode for encryption.
Views
IKE proposal view
Default command level
2: System level
Parameters
3des-cbc: Uses the 3DES algorithm in CBC mode as the encryption algorithm. The 3DES algorithm uses
168-bit keys for encryption.
aes-cbc: Uses the AES algorithm in CBC mode as the encryption algorithm. The AES algorithm uses
128-bit, 192-bit, or 256-bit keys for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192 or 256 bits and is defaulted to 128
bits.
des-cbc: Uses the DES algorithm in CBC mode as the encryption algorithm. The DES algorithm uses
56-bit keys for encryption.
Examples
# Use 56-bit DES in CBC mode as the encryption algorithm for IKE proposal 10.
<Sysname> system-view
[Sysname] ike proposal 10
[Sysname-ike-proposal-10] encryption-algorithm des-cbc
Related commands
• ike proposal
• display ike proposal
exchange-mode
Use exchange-mode to select an IKE negotiation mode.
Use undo exchange-mode to restore the default.
Syntax
exchange-mode { aggressive | main }
undo exchange-mode
Default
Main mode is used.
Views
IKE peer view
Default command level
2: System level