diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md
index b895782ff90..7a61dd5dfda 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/ip-security.md
@@ -6,6 +6,7 @@
- [Management Interfaces](#management-interfaces)
- [IP Security](#ip-security)
- [IKE policies](#ike-policies)
+ - [Security Association policies](#security-association-policies)
- [IPSec profiles](#ipsec-profiles)
- [Key controller](#key-controller)
- [IP Security Configuration](#ip-security-configuration)
@@ -42,10 +43,18 @@ interface Management1
### IKE policies
-| Policy name | Local ID |
-| ----------- | -------- |
-| IKE-1 | 192.168.100.1 |
-| IKE-2 | - |
+| Policy name | IKE lifetime | Encryption | DH group | Local ID |
+| ----------- | ------------ | ---------- | -------- | -------- |
+| IKE-1 | 24 | aes256 | 20 | 192.168.100.1 |
+| IKE-2 | - | - | - | - |
+
+### Security Association policies
+
+| Policy name | ESP Integrity | ESP Encryption | PFS DH Group |
+| ----------- | ------------- | -------------- | ------------ |
+| SA-1 | - | aes128 | 14 |
+| SA-2 | - | aes128 | 14 |
+| SA-3 | disabled | disabled | 17 |
### IPSec profiles
@@ -68,6 +77,9 @@ ip security
!
ike policy IKE-1
local-id 192.168.100.1
+ ike-lifetime 24
+ encryption aes256
+ dh-group 20
!
ike policy IKE-2
!
@@ -80,6 +92,7 @@ ip security
pfs dh-group 14
!
sa policy SA-3
+ esp integrity null
esp encryption null
pfs dh-group 17
!
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg
index 68ee2b76db1..d67f114f9de 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/ip-security.cfg
@@ -11,6 +11,9 @@ ip security
!
ike policy IKE-1
local-id 192.168.100.1
+ ike-lifetime 24
+ encryption aes256
+ dh-group 20
!
ike policy IKE-2
!
@@ -23,6 +26,7 @@ ip security
pfs dh-group 14
!
sa policy SA-3
+ esp integrity null
esp encryption null
pfs dh-group 17
!
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ip-security.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ip-security.yml
index 5f3e3b8c567..f0c328404f2 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ip-security.yml
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ip-security.yml
@@ -3,6 +3,9 @@ ip_security:
ike_policies:
- name: IKE-1
local_id: 192.168.100.1
+ ike_lifetime: 24
+ encryption: aes256
+ dh_group: 20
- name: IKE-2
sa_policies:
- name: SA-1
@@ -15,8 +18,8 @@ ip_security:
pfs_dh_group: 14
- name: SA-3
esp:
- integrity: "null"
- encryption: "null"
+ integrity: disabled
+ encryption: disabled
pfs_dh_group: 17
profiles:
- name: Profile-1
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ip-security.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ip-security.md
index 7d0a1a06d24..8b2f6faa529 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ip-security.md
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ip-security.md
@@ -11,11 +11,14 @@
| [ ike_policies](## "ip_security.ike_policies") | List, items: Dictionary | | | | Internet Security Association and Key Mgmt Protocol. |
| [ - name](## "ip_security.ike_policies.[].name") | String | Required, Unique | | | Policy name. |
| [ local_id](## "ip_security.ike_policies.[].local_id") | String | | | | Local IKE Identification.
Can be an IPv4 or an IPv6 address.
|
+ | [ ike_lifetime](## "ip_security.ike_policies.[].ike_lifetime") | Integer | | | Min: 1
Max: 24 | IKE lifetime in hours. |
+ | [ encryption](## "ip_security.ike_policies.[].encryption") | String | | | Valid Values:
- 3des
- aes128
- aes256 | IKE encryption algorithm. |
+ | [ dh_group](## "ip_security.ike_policies.[].dh_group") | Integer | | | Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24 | Diffie-Hellman group for the key exchange. |
| [ sa_policies](## "ip_security.sa_policies") | List, items: Dictionary | | | | Security Association policies. |
- | [ - name](## "ip_security.sa_policies.[].name") | String | Required, Unique | | | Name of the SA policy. |
+ | [ - name](## "ip_security.sa_policies.[].name") | String | Required, Unique | | | Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0 |
| [ esp](## "ip_security.sa_policies.[].esp") | Dictionary | | | | |
- | [ integrity](## "ip_security.sa_policies.[].esp.integrity") | String | | | Valid Values:
- null
- sha1
- sha256 | |
- | [ encryption](## "ip_security.sa_policies.[].esp.encryption") | String | | | Valid Values:
- null
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm256 | |
+ | [ integrity](## "ip_security.sa_policies.[].esp.integrity") | String | | | Valid Values:
- disabled
- sha1
- sha256
- null | |
+ | [ encryption](## "ip_security.sa_policies.[].esp.encryption") | String | | | Valid Values:
- disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm256
- null | |
| [ pfs_dh_group](## "ip_security.sa_policies.[].pfs_dh_group") | Integer | | | Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24 | |
| [ profiles](## "ip_security.profiles") | List, items: Dictionary | | | | IPSec profiles. |
| [ - name](## "ip_security.profiles.[].name") | String | Required, Unique | | | Name of the IPsec profile. |
@@ -38,6 +41,9 @@
ike_policies:
- name:
local_id:
+ ike_lifetime:
+ encryption:
+ dh_group:
sa_policies:
- name:
esp:
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
index 13481bd47a2..9e2f7855cd0 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
@@ -6597,6 +6597,40 @@
"type": "string",
"description": "Local IKE Identification.\nCan be an IPv4 or an IPv6 address.\n",
"title": "Local ID"
+ },
+ "ike_lifetime": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 24,
+ "description": "IKE lifetime in hours.",
+ "title": "Ike Lifetime"
+ },
+ "encryption": {
+ "type": "string",
+ "enum": [
+ "3des",
+ "aes128",
+ "aes256"
+ ],
+ "description": "IKE encryption algorithm.",
+ "title": "Encryption"
+ },
+ "dh_group": {
+ "type": "integer",
+ "enum": [
+ 1,
+ 2,
+ 5,
+ 14,
+ 15,
+ 16,
+ 17,
+ 20,
+ 21,
+ 24
+ ],
+ "description": "Diffie-Hellman group for the key exchange.",
+ "title": "Dh Group"
}
},
"additionalProperties": false,
@@ -6617,7 +6651,7 @@
"properties": {
"name": {
"type": "string",
- "description": "Name of the SA policy.",
+ "description": "Name of the SA policy. The \"null\" value is deprecated and will be removed in AVD 5.0.0",
"title": "Name"
},
"esp": {
@@ -6626,21 +6660,23 @@
"integrity": {
"type": "string",
"enum": [
- "null",
+ "disabled",
"sha1",
- "sha256"
+ "sha256",
+ "null"
],
"title": "Integrity"
},
"encryption": {
"type": "string",
"enum": [
- "null",
+ "disabled",
"aes128",
"aes128gcm128",
"aes128gcm64",
"aes256",
- "aes256gcm256"
+ "aes256gcm256",
+ "null"
],
"title": "Encryption"
}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
index e740802f453..c4c373abe2f 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
@@ -3789,6 +3789,36 @@ keys:
Can be an IPv4 or an IPv6 address.
'
+ ike_lifetime:
+ type: int
+ convert_types:
+ - str
+ min: 1
+ max: 24
+ description: IKE lifetime in hours.
+ encryption:
+ type: str
+ valid_values:
+ - 3des
+ - aes128
+ - aes256
+ description: IKE encryption algorithm.
+ dh_group:
+ type: int
+ convert_types:
+ - str
+ valid_values:
+ - 1
+ - 2
+ - 5
+ - 14
+ - 15
+ - 16
+ - 17
+ - 20
+ - 21
+ - 24
+ description: Diffie-Hellman group for the key exchange.
sa_policies:
type: list
description: Security Association policies.
@@ -3798,25 +3828,28 @@ keys:
keys:
name:
type: str
- description: Name of the SA policy.
+ description: Name of the SA policy. The "null" value is deprecated and
+ will be removed in AVD 5.0.0
esp:
type: dict
keys:
integrity:
type: str
valid_values:
- - 'null'
+ - disabled
- sha1
- sha256
+ - 'null'
encryption:
type: str
valid_values:
- - 'null'
+ - disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm256
+ - 'null'
pfs_dh_group:
type: int
convert_types:
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_security.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_security.schema.yml
index d95f467b89a..3e06942fb67 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_security.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/ip_security.schema.yml
@@ -24,6 +24,26 @@ keys:
description: |
Local IKE Identification.
Can be an IPv4 or an IPv6 address.
+ ike_lifetime:
+ type: int
+ convert_types:
+ - str
+ min: 1
+ max: 24
+ description: IKE lifetime in hours.
+ encryption:
+ type: str
+ valid_values:
+ - 3des
+ - aes128
+ - aes256
+ description: IKE encryption algorithm.
+ dh_group:
+ type: int
+ convert_types:
+ - str
+ valid_values: [1, 2, 5, 14, 15, 16, 17, 20, 21, 24]
+ description: Diffie-Hellman group for the key exchange.
sa_policies:
type: list
description: Security Association policies.
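Review bot: The new `encryption` list accepts `3des` and `dh_group` accepts groups 1, 2 and 5 with no guidance, although 3DES and the sub-2048-bit MODP groups are widely considered weak for a new IKE policy. The lists presumably mirror what the EOS CLI accepts, so keeping them is fine, but the generated docs table is where a user picks a value, so the description should steer them: `description: IKE encryption algorithm. 3des is considered weak; prefer aes128 or aes256.` and `description: Diffie-Hellman group for the key exchange. Groups 1, 2 and 5 are considered weak; prefer 14 or higher.`. The `ike_lifetime` description could likewise say what happens when it is omitted (the EOS default applies, which this template does not set), since `min: 1` reads as if the key were mandatory.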
@@ -33,25 +53,27 @@ keys:
keys:
name:
type: str
- description: Name of the SA policy.
+ description: Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0
esp:
type: dict
keys:
integrity:
type: str
valid_values:
- - "null"
+ - disabled
- sha1
- sha256
+ - "null" # TODO: AVD 5.0.0
encryption:
type: str
valid_values:
- - "null"
+ - disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm256
+ - "null" # TODO: AVD 5.0.0
pfs_dh_group:
type: int
convert_types:
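Review bot: The deprecation sentence is attached to `name` (`description: Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0`) although `name` never accepted `"null"`; the deprecated value belongs to `esp.integrity` and `esp.encryption`, which have no description at all, so the generated docs table misleads on both counts. Move it: give `integrity` `description: ESP integrity algorithm. "null" is deprecated in favor of "disabled" and will be removed in AVD 5.0.0.`, the matching text on `encryption`, and restore `name` to `Name of the SA policy.`. The same description is the place to note that the value must be quoted (`"null"`, as the `# TODO: AVD 5.0.0` entries already do) because a bare YAML `null` is treated as unset, and that `integrity: disabled` combined with a non-AEAD cipher such as `aes128`/`aes256` yields unauthenticated ESP and should be a deliberate choice.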
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-security.j2
index 81fa80e6027..f673dd59d35 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/ip-security.j2
@@ -11,20 +11,20 @@
### IKE policies
-| Policy name | Local ID |
-| ----------- | -------- |
+| Policy name | IKE lifetime | Encryption | DH group | Local ID |
+| ----------- | ------------ | ---------- | -------- | -------- |
{% for ike_policy in ip_security.ike_policies | arista.avd.default([]) %}
-| {{ ike_policy.name }} | {{ ike_policy.local_id | arista.avd.default("-") }} |
+| {{ ike_policy.name }} | {{ ike_policy.ike_lifetime | arista.avd.default("-") }} | {{ ike_policy.encryption | arista.avd.default("-") }} | {{ ike_policy.dh_group | arista.avd.default("-") }} | {{ ike_policy.local_id | arista.avd.default("-") }} |
{% endfor %}
{% endif %}
-{% if ip_security.ike_policie is arista.avd.defined %}
+{% if ip_security.sa_policies is arista.avd.defined %}
### Security Association policies
| Policy name | ESP Integrity | ESP Encryption | PFS DH Group |
| ----------- | ------------- | -------------- | ------------ |
{% for sa_policy in ip_security.sa_policies | arista.avd.default([]) %}
-| {{ sa_policy.name }} | {{ sa_policy.esp.integrity | arista.avd.default("-") }} | {{ sa_policy.esp.encryption | arista.avd.default("-") }} | {{ sa_policy.pfs_dh_group | arista.avd.default("-") }} |
+| {{ sa_policy.name }} | {{ sa_policy.esp.integrity | arista.avd.default("-") }} | {{ sa_policy.esp.encryption | arista.avd.default("-") }} | {{ sa_policy.pfs_dh_group | arista.avd.default("-") }} |
{% endfor %}
{% endif %}
{% if ip_security.profiles is arista.avd.defined %}
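Review bot: The SA table on the new line prints `sa_policy.esp.integrity` and `sa_policy.esp.encryption` verbatim, so a host configured with the deprecated `"null"` spelling and one using `disabled` document differently even though the EOS template renders the same `esp integrity null` line for both. Since the EOS template normalises the value, the documentation template should too, e.g. `{% set esp_integrity = "disabled" if sa_policy.esp.integrity == "null" else sa_policy.esp.integrity %}` before the row and printing `{{ esp_integrity | arista.avd.default("-") }}`, with the same treatment for encryption. The `ike_policie` → `sa_policies` fix on the `{% if %}` line is the real change here and means this section renders for the first time; it is worth a line in the release notes.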
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/ip-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/ip-security.j2
index fe27a581d16..52351ee94ec 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/ip-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/ip-security.j2
@@ -13,15 +13,32 @@ ip security
{% if ike_policy.local_id is arista.avd.defined %}
local-id {{ ike_policy.local_id }}
{% endif %}
+{% if ike_policy.ike_lifetime is arista.avd.defined %}
+ ike-lifetime {{ ike_policy.ike_lifetime }}
+{% endif %}
+{% if ike_policy.encryption is arista.avd.defined %}
+ encryption {{ ike_policy.encryption }}
+{% endif %}
+{% if ike_policy.dh_group is arista.avd.defined %}
+ dh-group {{ ike_policy.dh_group }}
+{% endif %}
{% endfor %}
{% for sa_policy in ip_security.sa_policies | arista.avd.default([]) %}
!
sa policy {{ sa_policy.name }}
-{% if sa_policy.esp.intergrity is arista.avd.defined %}
- esp intergrity {{ sa_policy.esp.intergrity }}
+{% if sa_policy.esp.integrity is arista.avd.defined %}
+{% if sa_policy.esp.integrity == "disabled" %}
+ esp integrity null
+{% else %}
+ esp integrity {{ sa_policy.esp.integrity }}
+{% endif %}
{% endif %}
{% if sa_policy.esp.encryption is arista.avd.defined %}
+{% if sa_policy.esp.encryption == "disabled" %}
+ esp encryption null
+{% else %}
esp encryption {{ sa_policy.esp.encryption }}
+{% endif %}
{% endif %}
{% if sa_policy.pfs_dh_group is arista.avd.defined %}
pfs dh-group {{ sa_policy.pfs_dh_group }}
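Review bot: The `== "disabled"` branches are the only place the `disabled` → `null` mapping lives, and nothing records that an unquoted YAML `null` never reaches them: it parses to None, `is arista.avd.defined` (which I believe treats None as undefined) is false, and the `esp integrity` line is silently omitted, leaving the EOS default instead of disabling integrity. The same four-line `if/else` is also duplicated for both keys; a `{% set %}` per key with a comment documenting the accepted spellings keeps one copy of the rule and makes the footgun visible to the next maintainer. The `ike-lifetime`/`encryption`/`dh-group` lines are straightforward pass-throughs and need no change.

```jinja
{% if sa_policy.esp.integrity is arista.avd.defined %}
{#     "disabled" renders EOS "null"; quoted "null" is the deprecated alias. An unquoted YAML null is undefined and emits nothing. #}
{%     set esp_integrity = "null" if sa_policy.esp.integrity == "disabled" else sa_policy.esp.integrity %}
   esp integrity {{ esp_integrity }}
{% endif %}
{% if sa_policy.esp.encryption is arista.avd.defined %}
{%     set esp_encryption = "null" if sa_policy.esp.encryption == "disabled" else sa_policy.esp.encryption %}
   esp encryption {{ esp_encryption }}
{% endif %}
{# … unchanged: pfs dh-group … #}
```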