SROS Command Line Interface Reference Guide

Crypto Map IKE Command Set

set pfs [group1 | group2]

Use the set pfs command to choose the type of perfect forward secrecy (if any) that will be required during IPSec negotiation of security associations for this crypto map. Use the no form of this command to require no PFS.

Syntax Description

group1    IPSec is required to use Diffie-Hellman Group 1 (768-bit modulus) exchange during IPSec SA key generation.

group2    IPSec is required to use Diffie-Hellman Group 2 (1024-bit modulus) exchange during IPSec SA key generation.

Default Values

By default, no PFS will be used during IPSec SA key generation.

Command Modes

(config-crypto-map)# Crypto Map IKE Configuration Mode

Functional Notes

If left at the default setting, no perfect forward secrecy (PFS) will be used during IPSec SA key generation. If PFS is specified, then the specified Diffie-Hellman Group exchange will be used for the initial and all subsequent key generation, thus providing no data linkage between prior keys and future keys.
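
The "no data linkage" point above can be seen in the IKEv1 Quick Mode key derivation of RFC 2409, section 5.5. The following is an added example, not taken from the HP manual or the router's code; it assumes HMAC-SHA1 as the negotiated prf, and the function names and the random stand-in for SKEYID_d are hypothetical.

```python
import hashlib, hmac, secrets

# Oakley Group 2 (1024-bit MODP, generator 2) from RFC 2409: "group2" on this page.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
ESP = 3  # IPsec DOI protocol ID for ESP

def keymat(skeyid_d, spi, ni, nr, gxy=b""):
    """RFC 2409 5.5: prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    data = gxy + bytes([ESP]) + spi + ni + nr
    return hmac.new(skeyid_d, data, hashlib.sha1).digest()  # prf assumed HMAC-SHA1

def fresh_dh():
    """One ephemeral exchange; returns the public values and the secret g^xy."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    return (gx, gy), pow(gy, x, P).to_bytes(128, "big")

def quick_mode(skeyid_d, pfs):
    """Negotiate one IPSec SA; returns (fields carried in the exchange, key material)."""
    spi, ni, nr = (secrets.token_bytes(n) for n in (4, 16, 16))
    ke, gxy = fresh_dh() if pfs else (None, b"")
    return {"spi": spi, "ni": ni, "nr": nr, "ke": ke}, keymat(skeyid_d, spi, ni, nr, gxy)

def linked_to_ike_secret(skeyid_d, seen, key):
    """True if the SA key is a function of SKEYID_d and exchanged fields alone."""
    return hmac.compare_digest(keymat(skeyid_d, seen["spi"], seen["ni"], seen["nr"]), key)

if __name__ == "__main__":
    skeyid_d = secrets.token_bytes(20)  # constructed stand-in for the IKE SA secret
    for pfs in (False, True):
        seen, key = quick_mode(skeyid_d, pfs)
        print("pfs" if pfs else "no pfs", "-> linked:", linked_to_ike_secret(skeyid_d, seen, key))
```

Without PFS every IPSec SA key is recomputable from the Phase 1 secret and the exchanged fields; with PFS each key also depends on a per-negotiation g^xy that is never transmitted. RFC 8247 classifies Group 1 as MUST NOT and Group 2 as SHOULD NOT for current deployments.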

Usage Examples

The following example specifies use of the Diffie-Hellman Group 1 exchange during IPSec SA key generation:

(config-crypto-map)#set pfs group1

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
