Configuring Perfect Forward Secrecy for an IPsec Transport Profile

You can use the pfs group command to configure perfect forward secrecy (PFS) for connections created with this IPsec transport profile.

You can assign a Diffie-Hellman prime modulus group using one of the following keywords:

To configure perfect forward secrecy:

host1(config-ipsec-transport-profile)#pfs group 5

Use the no version to remove PFS from this profile, which is the default setting.

Related Documentation