Hello
I have been investigating IKE Version 1 CBC(Cipher Blocking Chaining) encryption availability.
At this mement. IKE Phase1 uses CBC encryption like AES-CBC, DES-CBC below by using debug crypto isakmp.
Apr 30 06:27:59.583: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Apr 30 06:27:59.583: ISAKMP: encryption AES-CBC
Apr 30 06:27:59.583: ISAKMP: keylength of 256
Apr 30 06:23:19.823: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Apr 30 06:23:19.823: ISAKMP: encryption DES-CBC"
However if I use debug crypto ipsec, then it only show esp-aes or esp-des. So I think
IKEv1 Phase 2 do not use CBC mode is that ture?
Apr 30 06:32:43.587: IPSEC(create_sa): sa created,
(sa) sa_dest= 10.0.0.254, sa_proto= 50,
sa_spi= 0x22DF775C(585070428),
sa_trans= esp-aes esp-sha256-hmac , sa_conn_id= 9
sa_lifetime(k/sec)= (4515208/3600)
Apr 30 06:34:53.647: IPSEC(create_sa): sa created,
(sa) sa_dest= 10.0.0.254, sa_proto= 50,
sa_spi= 0xED7B5044(3984281668),
sa_trans= esp-des esp-sha256-hmac , sa_conn_id= 11
I appreciate if you can let me know any related information.
Best Regards,
Masanobu Hiyoshi