
cipher-suite

vpn interface ipsec ike cipher-suite—Configure the type of authentication and encryption to use during IKE key exchange (on vEdge routers only).

vpn interface ipsec ipsec cipher-suite—Configure the authentication and encryption to use on an IPsec tunnel that is being used for IKE key exchange (on vEdge routers only).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface IPsec

Command Hierarchy

vpn vpn-id
  interface ipsecnumber
    ike
      cipher-suite suite
    ipsec
      cipher-suite suite

Options

Authentication and Encryption Type for IKE Key Exchange

suite
Type of authentication and encryption to use during IKE key exchange. It can be one of the following:
  aes128-cbc-sha1—Use AES-128 (Advanced Encryption Standard) encryption in CBC mode with the HMAC-SHA1 keyed-hash message authentication code algorithm for integrity.
  aes256-cbc-sha1—Use AES-256 (Advanced Encryption Standard) encryption in CBC mode with the HMAC-SHA1 keyed-hash message authentication code algorithm for integrity. This is the default.

Encryption Type for IPsec Tunnel

suite
Type of encryption to use on an IPsec tunnel that is being used for IKE key exchange. It can be one of the following:
  aes256-cbc-sha1—Encrypt messages using the AES-256 cipher in CBC (cipher block chaining) mode, with HMAC-SHA1-96 keyed-hash message authentication.
  aes256-gcm—Encrypt messages using the AES-256 algorithm in GCM (Galois/counter mode). This is the default.
  null-sha1—Do not encrypt the IPsec tunnel that is being used for IKE key exchange traffic.

Example

Change the IKE key exchange to use AES-128 encryption and HMAC-SHA1:

vEdge(config)# vpn 1 interface ipsec1 ike
vEdge(config-ike)# cipher-suite aes128-cbc-sha1

Change the IPsec tunnel encryption to AES-256 in CBC mode:

vEdge(config)# vpn 1 interface ipsec1 ipsec
vEdge(config-ipsec)# cipher-suite aes256-cbc-sha1
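
To check which suites a configuration actually selects, the following added example (not Viptela's or Cisco's code) parses text laid out like the command hierarchy above and reports, per IPsec interface, the IKE and IPsec suite in effect: a listed value, the default when none is set, a name that is not among the listed options, or null-sha1, which leaves the tunnel unencrypted. The sample configuration is constructed, and its indentation and "!" terminators are assumptions.

```python
ALLOWED = {"ike": {"aes128-cbc-sha1", "aes256-cbc-sha1"},  # names and defaults as listed on this page
           "ipsec": {"aes256-cbc-sha1", "aes256-gcm", "null-sha1"}}
DEFAULT = {"ike": "aes256-cbc-sha1", "ipsec": "aes256-gcm"}
# Constructed sample; the indentation and "!" block terminators are an assumed layout.
SAMPLE = """\
vpn 1
 interface ipsec1
  ike
   cipher-suite aes128-cbc-sha1
  !
  ipsec
   cipher-suite null-sha1
  !
 !
 interface ipsec2
  ike
   cipher-suite aes128-sha1
  !
 !
!
"""

def audit(config_text):
    """Return sorted (vpn, interface, section, suite, verdict) tuples."""
    found = {}   # (vpn, interface, section) -> configured suite, or None if unset
    stack = []   # (indent, words) of each enclosing config line
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                      # leave blocks that have ended
        path = [w for _, w in stack] + [words]
        stack.append((indent, words))
        heads = [p[0] for p in path]
        if heads[:2] != ["vpn", "interface"] or not path[1][-1].startswith("ipsec"):
            continue                         # only IPsec interfaces inside a VPN matter
        key = (path[0][-1], path[1][-1])
        for section in ALLOWED:              # sections never set fall back to defaults
            found.setdefault(key + (section,), None)
        if len(words) == 2 and heads[2:] in (["ike", "cipher-suite"], ["ipsec", "cipher-suite"]):
            found[key + (heads[2],)] = words[1]
    report = []
    for (vpn, iface, section), suite in sorted(found.items()):
        verdict = ("default" if suite is None else "invalid" if suite not in ALLOWED[section]
                   else "unencrypted" if suite == "null-sha1" else "ok")
        report.append((vpn, iface, section, suite or DEFAULT[section], verdict))
    return report
```

Calling `audit(SAMPLE)` returns one row per interface and section, so an interface that never sets an IPsec suite still appears with the default in effect.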

Release Information

Command introduced in Viptela Software Release 17.2.

Additional Information

See the Configuring IKE article for your software release.
