security vpn ipsec esp-group <name> pfs <pfs>
Specifies whether or not Perfect Forward Secrecy (PFS) is used.
By default, PFS is enabled and uses the Diffie-Hellman group defined in the ike-group.
- name: The name to be used to refer to the ESP configuration.
- pfs: Enables or disables Perfect Forward Secrecy. Supported values are as follows:
  - enable: Enables PFS using the Diffie-Hellman group defined in the ike-group.
  - dh-group2: Enables PFS using Diffie-Hellman group 2.
  - dh-group5: Enables PFS using Diffie-Hellman group 5.
  - dh-group14: Enables PFS using Diffie-Hellman group 14.
  - dh-group15: Enables PFS using Diffie-Hellman group 15.
  - dh-group16: Enables PFS using Diffie-Hellman group 16.
  - dh-group17: Enables PFS using Diffie-Hellman group 17.
  - dh-group18: Enables PFS using Diffie-Hellman group 18.
  - dh-group19: Enables PFS using Diffie-Hellman group 19.
  - dh-group20: Enables PFS using Diffie-Hellman group 20.
  - disable: Disables PFS.
Configuration mode
security {
    vpn {
        ipsec {
            esp-group name {
                pfs pfs
            }
        }
    }
}
Use this command to specify whether or not PFS will be used and, if used, which Diffie-Hellman group is to be used.
Use the set form of this command to specify whether or not PFS will be used.
Use the delete form of this command to restore the default PFS configuration.
Use the show form of this command to view the PFS configuration.
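
The following Python check is an added example, not part of the original reference: it reads a configuration in the brace form shown above and reports the PFS setting of each esp-group, treating a missing pfs statement as the default (enable). The esp-group names in the sample are constructed, and flagging dh-group2 and dh-group5 as weak follows RFC 8247, not this page.

```python
# Assumption of this example, not a statement from the page: groups 2 and 5
# (1024/1536-bit MODP) are rated SHOULD NOT in RFC 8247, so they are flagged.
WEAK = {"dh-group2", "dh-group5"}
SUPPORTED = {"enable", "disable"} | {
    f"dh-group{n}" for n in (2, 5, 14, 15, 16, 17, 18, 19, 20)}

def _esp_name(path):
    """Name of the esp-group if path is security/vpn/ipsec/esp-group <name>."""
    if path[:3] == ["security", "vpn", "ipsec"] and len(path) == 4:
        kind, _, name = path[3].partition(" ")
        return name.strip() if kind == "esp-group" else None

def esp_group_pfs(config_text):
    """Map each esp-group name to its pfs value ('enable' when unset)."""
    groups, path = {}, []
    for line in map(str.strip, config_text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
            if _esp_name(path):
                groups[_esp_name(path)] = "enable"  # default stated on the page
        elif line == "}" and path:
            path.pop()
        elif line.startswith("pfs ") and _esp_name(path):
            groups[_esp_name(path)] = line.split(None, 1)[1]
    return groups

def audit(config_text):
    """Return {esp-group name: verdict}."""
    verdicts = {}
    for name, pfs in esp_group_pfs(config_text).items():
        if pfs not in SUPPORTED:
            verdicts[name] = "error: unsupported pfs value"
        elif pfs == "disable":
            verdicts[name] = "fail: PFS disabled"
        elif pfs in WEAK:
            verdicts[name] = "fail: weak Diffie-Hellman group"
        elif pfs == "enable":
            verdicts[name] = "review: group is taken from the ike-group"
        else:
            verdicts[name] = "ok"
    return verdicts

# Constructed sample configuration; the esp-group names are made up.
SAMPLE = "\n".join([
    "security {", "vpn {", "ipsec {",
    "esp-group ESP-BRANCH {", "pfs dh-group2", "}",
    "esp-group ESP-LEGACY {", "pfs disable", "}",
    "esp-group ESP-DC {", "pfs dh-group19", "}",
    "esp-group ESP-DEFAULT {", "}", "}", "}", "}"])
```

Calling audit(SAMPLE) returns one verdict per esp-group; a "review" verdict means the effective group depends on the ike-group, which this check does not read.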