Configuration - IPSec Mode

no encryption

Use the IPSec no encryption command to disable encryption. To configure encryption, see encryption command on page 14-5.

Syntax: (config-ipsec-{n})# no encryption {des3desaesaes192 aes256}

Field

Definition

des

Disable 56-bit Data Encryption Standard (DES).

 

 

3des

Disable 168-bit DES. Default.

 

 

aes

Disable 128-bit Advanced Encryption Standard (AES) as the

 

encryption algorithm.

 

 

aes192

Disable 192-bit AES as the encryption algorithm.

 

 

aes256

Disable 256-bit AES as the encryption algorithm.

 

 

Example: (config-ipsec-1)# no encryption aes

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR

no group

Use the IPSec no group command to disable a Diffie-Hellman (DH) group identifier. To set a DH group identifier, see group command on page 14-6.

Syntax: (config-ipsec-{n})# no group {125}

Field

Definition

 

1

Disable DH group 1

(768 bit).

 

 

 

2

Disable DH group 2

(1024 bit). Default is enabled.

 

 

5

Disable DH group 25 (1536 bit). Default is enabled.

 

 

 

Example: (config-ipsec-1)# no group 2

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

14-13

Page 333
Image 333
Carrier Access none No encryption, No group, Example config-ipsec-1# no encryption aes, Syntax config-ipsec-n# no group