Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

security vpn ipsec esp-group <name> proposal <num> encryption <cipher>

Specifies the encryption cipher for an ESP proposal.

set security vpn ipsec esp-group name proposal num encryption cipher
delete security vpn ipsec esp-group proposal num encryption
show security vpn ipsec esp-group proposal num encryption

The default is aes128.

name
The name to be used to refer to the ESP configuration.
proposal
An integer uniquely identifying a proposal to be used in IKE Phase 2 negotiation.
cipher
The encryption cipher to be proposed. Supported values are as follows:

aes128—Advanced Encryption Standard with a 128-bit key.

aes256—Advanced Encryption Standard with a 256-bit key.

aes128gcm128—128-bit AES with 128-bit Galois/Counter Mode (GCM).

aes256gcm128—256-bit AES with 128-bit Galois/Counter Mode (GCM).

3des—Triple-DES (Data Encryption Standard).

Configuration mode

security {
        vpn {
            ipsec {
                esp-group name {
                        proposal num {
                        encryption cipher
                }
            }
        }
    }
}

Use this command to specify the encryption cipher to be proposed in an ESP proposal during IKE Phase 2 negotiation.

Use the set form of this command to specify the encryption cipher.

Use the delete form of this command to restore default encryption configuration.

Use the show form of this command to view ESP proposal encryption configuration.