Set Pfs - Avaya G450 Cli Reference Manual


Related Commands
crypto ipsec transform-set, set pfs, set security-association lifetime, show crypto ipsec transform-set

set pfs

Use the set pfs command to specify whether each IKE phase 2 negotiation employs
Perfect Forward Secrecy (PFS) and, if so, which Diffie-Hellman group to use. PFS ensures
that even if an attacker discovers the long-term secret(s), the attacker cannot
recover the session keys, past or present. In addition, the discovery of a session key
compromises neither the long-term secrets nor the other session keys.

Use the no form of the command to disable PFS for IKE phase 2 (default setting).

Syntax
[no] set pfs [group1 | group2 | group5 | group14]

Note:
Using set pfs with no parameters sets the PFS group to 1.

Parameters

Parameter  Description                                                                          Possible Values  Default Value
group1     Keyword specifying that IKE employ the 768-bit Diffie-Hellman prime modulus group
group2     Keyword specifying that IKE employ the 1,024-bit Diffie-Hellman prime modulus group
group5     Keyword specifying that IKE employ the 1536-bit Diffie-Hellman prime modulus group
group14    Keyword specifying that IKE employ the 2048-bit Diffie-Hellman prime modulus group

User Level
read-write

Context
crypto ipsec transform-set

Issue 1 January 2008
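An added example, not taken from the Avaya manual: a Python check that applies the defaults documented for set pfs (PFS is off unless set pfs appears in the transform-set; set pfs with no parameters means group 1) to a saved configuration. The transform-set names, the `exit` line that closes each context, and the 2048-bit policy floor are assumptions of this example.

```python
import re

# Modulus sizes as listed in the set pfs parameter table.
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536, "group14": 2048}
MIN_BITS = 2048  # assumed local policy floor, not a value from the manual
CTX = re.compile(r"^crypto ipsec transform-set\s+(\S+)")
PFS = re.compile(r"^(no\s+)?set pfs(?:\s+(group(?:1|2|5|14)))?\s*$")

def audit_pfs(config_text, min_bits=MIN_BITS):
    """Return {transform_set_name: (effective_group_or_None, finding)}."""
    state, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = CTX.match(line)
        if m:
            current = m.group(1)
            state[current] = None          # default setting: PFS disabled
        elif line == "exit":               # assumed end of the context
            current = None
        elif current is not None:
            m = PFS.match(line)
            if m and m.group(1):           # "no set pfs" disables PFS
                state[current] = None
            elif m:                        # bare "set pfs" means group 1
                state[current] = m.group(2) or "group1"
    report = {}
    for name, group in state.items():
        if group is None:
            report[name] = (None, "PFS disabled")
        elif DH_BITS[group] < min_bits:
            report[name] = (group, f"weak: {DH_BITS[group]}-bit modulus")
        else:
            report[name] = (group, "ok")
    return report

# Constructed sample configuration; the names are made up for this example.
SAMPLE = """\
crypto ipsec transform-set ts-default
exit
crypto ipsec transform-set ts-bare
 set pfs
exit
crypto ipsec transform-set ts-strong
 set pfs group14
exit
"""

if __name__ == "__main__":
    print(audit_pfs(SAMPLE))
```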
