Set Pfs - Avaya G250 Reference


CLI Commands

set pfs

Use the set pfs command to specify whether each IKE phase 2 negotiation will employ PFS
(Perfect Forward Secrecy), and if yes, which Diffie-Hellman group to employ. PFS ensures that
even if someone were to discover the long-term secret(s), the attacker would not be able to
recover the session keys, both past and present. In addition, the discovery of a session key
compromises neither the long-term secrets nor the other session keys.
Use the no form of the command to disable PFS for IKE phase 2 (default setting).
Syntax
[no] set pfs [group1 | group2 | group5 | group14]
Note:
Using set pfs with no parameters sets the pfs group to 1.
Parameters
Parameter   Description                                                                    Possible Values   Default Value
group1      Specifies that IKE employs the 768-bit Diffie-Hellman prime modulus group.
group2      Specifies that IKE employs the 1,024-bit Diffie-Hellman prime modulus group.
group5      Specifies that IKE employs the 1536-bit Diffie-Hellman prime modulus group.
group14     Specifies that IKE employs the 2048-bit Diffie-Hellman prime modulus group.
User level
read-write
Context
crypto ipsec transform-set
Example
G350-001(config-transform:ts1)# set pfs group1
Related commands
crypto ipsec transform-set, mode, set security-association lifetime, show crypto ipsec transform-set
432 Avaya G250 and Avaya G350 CLI Reference
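
The following Python script is an added example, not part of the Avaya manual: it audits a configuration dump for the effective PFS setting of each transform-set, applying the rules stated above (PFS disabled by default, a bare set pfs meaning group 1) and the modulus sizes from the parameter table. The layout of the dump, the 2048-bit minimum, and the names audit_pfs and SAMPLE are assumptions of this example.

```python
import re
# Modulus sizes per group, taken from the parameter table on this page.
GROUP_BITS = {"group1": 768, "group2": 1024, "group5": 1536, "group14": 2048}
MIN_BITS = 2048  # assumed local policy threshold, not from the manual
TS_RE = re.compile(r"^crypto ipsec transform-set\s+(\S+)")
PFS_RE = re.compile(r"^(no\s+)?set pfs(?:\s+(\S+))?$")

def audit_pfs(config_text, min_bits=MIN_BITS):
    """Return {transform_set: (effective_group_or_None, finding)}."""
    effective, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = TS_RE.match(line)
        if m:
            current = m.group(1)
            effective.setdefault(current, None)  # PFS is disabled by default
            continue
        m = PFS_RE.match(line)
        if m and current is not None:
            # "no set pfs" disables PFS; a bare "set pfs" selects group 1
            effective[current] = None if m.group(1) else (m.group(2) or "group1")
    report = {}
    for name, group in effective.items():
        if group is None:
            report[name] = (None, "PFS disabled")
        elif group not in GROUP_BITS:
            report[name] = (group, "unknown group")
        elif GROUP_BITS[group] < min_bits:
            report[name] = (group, f"weak: {GROUP_BITS[group]}-bit modulus")
        else:
            report[name] = (group, "ok")
    return report

# Constructed sample configuration (layout assumed, not captured from a device)
SAMPLE = """\
crypto ipsec transform-set ts1
 set pfs group1
crypto ipsec transform-set ts2
 set pfs
crypto ipsec transform-set ts3
 set pfs group14
crypto ipsec transform-set ts4
crypto ipsec transform-set ts5
 set pfs group5
 no set pfs
"""

if __name__ == "__main__":
    for name, (group, finding) in audit_pfs(SAMPLE).items():
        print(f"{name}: {group or '-'} -> {finding}")
```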
