Protocol - HP MSR Series Command Reference Manual
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (625 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
pfs dh-group14
undo pfs
Default
The PFS feature is disabled for the IPsec transform set.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
dh-group1: Uses 768-bit Diffie-Hellman group.
dh-group2: Uses 1024-bit Diffie-Hellman group.
dh-group5: Uses 1536-bit Diffie-Hellman group.
dh-group14: Uses 2048-bit Diffie-Hellman group.
dh-group24: Uses 2048-bit and 256-bit subgroup Diffie-Hellman group.
Usage guidelines
In terms of security and necessary calculation time, the following groups are in descending order:
2048-bit and 256-bit subgroup Diffie-Hellman group (dh-group24), 2048-bit Diffie-Hellman group
(dh-group14), 1536-bit Diffie-Hellman group (dh-group5), 1024-bit Diffie-Hellman group (dh-group2),
and 768-bit Diffie-Hellman group (dh-group1).
The security level of the Diffie-Hellman group of the initiator must be higher than or equal to that of the
responder.
The end without the PFS feature performs IKE negotiation according to the PFS requirements of the peer
end.
Examples
# Enable PFS using 2048-bit Diffie-Hellman group for IPsec transform set tran1.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] pfs dh-group14
protocol
Use protocol to specify a security protocol for an IPsec transform set.
Use undo protocol to restore the default.
Syntax
protocol { ah | ah-esp | esp }
undo protocol
Default
The IPsec transform set uses the ESP protocol.
333
Advertisement
Table of Contents
