Table of Contents
Advertisement
Implementing the Site-to-Site Scenario
Configuring IPsec Encryption and Authentication Parameters
Step 1
Step 2
Cisco ASA 5500 Series Getting Started Guide
12-8
In Step 4 of the VPN Wizard, perform the following steps:
Choose the encryption algorithm (DES/3DES/AES) from the Encryption
drop-down list, and the authentication algorithm (MD5/SHA) from the
Authentication drop-down list.
Check the Enable Perfect Forwarding Secrecy (PFS) check box to specify
whether to use perfect forwarding secrecy, and the size of the numbers to use from
the Diffie-Hellman Group drop-down list, in generating Phase 2 IPsec keys.
PFS is a cryptographic concept where each new key is unrelated to any previous
key. In IPsec negotiations, Phase 2 keys are based on Phase 1 keys unless PFS is
enabled. PFS uses Diffie-Hellman techniques to generate the keys.
Chapter 12
Scenario: Site-to-Site VPN Configuration
78-19186-01
Hide quick links:
Advertisement
Table of Contents
