About Perfect Forward Secrecy - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Crypto IPv4-ACLs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Figure 44-28
Choose the CryptoMap Set Entry tab.
Step 2
You see the existing crypto maps configured in
Figure 44-29
Check or uncheck the AutoPeer option for the selected crypto map set entry.
Step 3
Step 4 Click Apply Changes to save your changes.

About Perfect Forward Secrecy

To specify SA lifetime negotiation values, you can also optionally configure the perfect forward secrecy
(PFS) value in the crypto map.
The PFS feature is disabled by default. If you set the PFS group, you can set one of the DH groups: 1,
2, 5, or 14. If you do not specify a DH group, the software uses group 1 by default.
Cisco MDS 9000 Family CLI Configuration Guide
44-34
IPsec Configuration
Existing Crypto Maps
Chapter 44 Configuring IPsec Network Security
Figure 44-29.
OL-16184-01, Cisco MDS SAN-OS Release 3.x