Null in Hash Algorithm

A common question is whether JunOS accepts a value of “null” for the hash algorithm, as in the following ScreenOS command:

set ike p2-proposal "g5-esp-aes256-no_auth-900s" group5 esp aes256 null second 900

The answer is yes. How?

Setting NULL encryption actually means not setting any encryption-algorithm under the IPsec proposal:

admin@srx# show security ipsec proposal LAB
protocol esp;
authentication-algorithm hmac-sha1-96;
lifetime-seconds 10000;

Note: This is not supported in FIPS mode. The following error is generated when trying to commit:

admin@srx# commit
[edit security ipsec]
'proposal ipsec_proposal'
NULL encryption algorithm is not supported in FIPS mode.
error: configuration check-out failed

Refer to KB24453
And for more troubleshooting about NULL encryption, refer to this site
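
Because NULL encryption is expressed by the absence of a statement, it is easy to miss in a configuration review. The following audit check is an added example, not part of the original post: it scans a configuration in curly-brace format and reports ESP proposals under security ipsec that have no encryption-algorithm. The function name and the sample configuration are constructed for illustration, and the parser assumes one statement per line with the full hierarchy from the top level.

```python
import re

# Constructed sample in Junos curly-brace format (not taken from a real device).
SAMPLE_CONFIG = """
security {
    ipsec {
        proposal LAB {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            lifetime-seconds 10000;
        }
        proposal PROD {
            protocol esp;
            authentication-algorithm hmac-sha-256-128;
            encryption-algorithm aes-256-cbc;
        }
        proposal AH-ONLY {
            protocol ah;
            authentication-algorithm hmac-sha1-96;
        }
    }
}
"""

def find_null_encryption_proposals(config_text):
    """Return names of 'security ipsec' ESP proposals with no encryption-algorithm."""
    path = []        # stack of enclosing block headers, e.g. ["security", "ipsec", "proposal LAB"]
    proposals = {}   # proposal name -> {statement keyword: value}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            if path:
                path.pop()
        elif line.endswith(";") and len(path) == 3 and path[:2] == ["security", "ipsec"]:
            m = re.fullmatch(r"proposal (\S+)", path[2])
            if m:
                key, _, value = line[:-1].partition(" ")
                proposals.setdefault(m.group(1), {})[key] = value.strip()
    # AH proposals never carry an encryption-algorithm, so only ESP is flagged.
    return sorted(name for name, stmts in proposals.items()
                  if stmts.get("protocol") == "esp" and "encryption-algorithm" not in stmts)

if __name__ == "__main__":
    for name in find_null_encryption_proposals(SAMPLE_CONFIG):
        print(f"IPsec proposal {name}: ESP with no encryption-algorithm (NULL encryption)")
```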
