H3C MSR 20-20 Command Reference Manual page 2140

Msr 20/30/50 series routers

Chapter 140: IPSec Configuration Commands

undo ipsec session idle-time

View
System view

Parameter
seconds: IPSec session idle timeout in seconds, in the range of 60 to 3,600.

Description
Use the ipsec session idle-time command to set the idle timeout for IPSec sessions.
Use the undo ipsec session idle-time command to restore the default.
By default, the IPSec session idle timeout is 300 seconds.

Example
# Set the IPSec session idle timeout to 600 seconds.
<Sysname> system-view
[Sysname] ipsec session idle-time 600

pfs

Syntax
pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }
undo pfs

View
IPSec policy view/IPSec policy template view

Parameter
dh-group1: Uses 768-bit Diffie-Hellman group.
dh-group2: Uses 1024-bit Diffie-Hellman group.
dh-group5: Uses 1536-bit Diffie-Hellman group.
dh-group14: Uses 2048-bit Diffie-Hellman group.

Description
Use the pfs command to enable and configure the perfect forward secrecy (PFS) feature so that the system uses the feature when employing the IPSec policy to initiate a negotiation.
Use the undo pfs command to remove the configuration.
By default, the PFS feature is not used for negotiation.

Note that:

In terms of security and necessary calculation time, the following four groups are in the descending order: 2048-bit Diffie-Hellman group (dh-group14), 1536-bit Diffie-Hellman group (dh-group5), 1024-bit Diffie-Hellman group (dh-group2) and 768-bit Diffie-Hellman group (dh-group1).

This command allows IPSec to perform an additional key exchange process during the negotiation phase 2, providing an additional level of security.
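
The following Python example is added here and is not part of the H3C manual. It checks saved configuration text for IPSec policies and policy templates that leave PFS at its default (not used) or configure a group below a chosen modulus size, using the group sizes listed in the pfs parameters. The section-header format, the min_bits threshold and the sample configuration are assumptions constructed for illustration.

```python
import re

# Modulus sizes as listed in the pfs parameter description.
DH_BITS = {"dh-group1": 768, "dh-group2": 1024, "dh-group5": 1536, "dh-group14": 2048}

# Assumption: policy and template views appear in saved configuration as
# "ipsec policy <name> <seq> ..." or "ipsec policy-template <name> <seq>",
# with the commands of that view indented beneath the header line.
HEADER = re.compile(r"^ipsec (policy|policy-template) (\S+) (\d+)")

def audit_pfs(config_text, min_bits=2048):
    """Return (policy, seq, finding) tuples; min_bits is a local choice (assumption)."""
    policies = {}      # (name, seq) -> configured pfs group, or None
    current = None
    for line in config_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(2), int(m.group(3)))
            policies[current] = None   # default: PFS is not used
        elif not line.startswith(" "):
            current = None             # unindented line: left the policy view
        elif current:
            words = line.split()
            if len(words) == 2 and words[0] == "pfs":
                policies[current] = words[1]
            elif words == ["undo", "pfs"]:
                policies[current] = None
    findings = []
    for (name, seq), group in policies.items():
        if group is None:
            findings.append((name, seq, "pfs not configured"))
        elif group not in DH_BITS:
            findings.append((name, seq, "unknown group " + group))
        elif DH_BITS[group] < min_bits:
            findings.append((name, seq, "%s is %d-bit, below %d" % (group, DH_BITS[group], min_bits)))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ipsec policy branch 10 isakmp
 pfs dh-group14
#
ipsec policy branch 20 isakmp
 pfs dh-group2
#
ipsec policy-template tmpl 1
 security acl 3000
"""

if __name__ == "__main__":
    print(audit_pfs(SAMPLE))
```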
