
    Configuring Perfect Forward Secrecy for an IPsec Transport Profile

    You can use the pfs group command to configure perfect forward secrecy (PFS) for connections created with this IPsec transport profile.

    You can assign a Diffie-Hellman prime modulus group using one of the following keywords:

    • 1—768-bit group
    • 2—1024-bit group
    • 5—1536-bit group

    To configure perfect forward secrecy:

    • Issue the pfs group command in IPsec Transport Profile Configuration mode.
    host1(config-ipsec-transport-profile)#pfs group 5

    Use the no version of the command to remove PFS from this profile. A profile has no PFS by default.
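An added example, not part of the original documentation: a Python audit that reports the PFS setting of every IPsec transport profile in a saved configuration, including profiles left at the no-PFS default. Only `pfs group` and its three keywords come from this page; the `ipsec transport profile <name>` header line, the indented layout, the sample configuration and the 1536-bit minimum are assumptions.

```python
import re

# Modulus sizes for the pfs group keywords listed on this page.
GROUP_BITS = {1: 768, 2: 1024, 5: 1536}

# Assumption: a profile opens with "ipsec transport profile <name> ..." and its
# settings follow as indented lines until the next unindented line.
PROFILE_RE = re.compile(r"^ipsec transport profile (\S+)")
PFS_RE = re.compile(r"^\s+(no\s+)?pfs group(?:\s+(\S+))?\s*$")

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
ipsec transport profile branch-a virtual-router default ip address 192.0.2.1
 pfs group 5
!
ipsec transport profile branch-b virtual-router default ip address 192.0.2.2
 pfs group 2
!
ipsec transport profile branch-c virtual-router default ip address 192.0.2.3
!
"""

def audit_pfs(config_text, min_bits=1536):
    """Map each profile name to a finding; min_bits is an assumed local policy."""
    findings, current = {}, None
    for line in config_text.splitlines():
        header = PROFILE_RE.match(line)
        if header:
            current = header.group(1)
            findings[current] = "no PFS (default)"  # until a pfs line says otherwise
        elif line[:1].isspace() and current:
            pfs = PFS_RE.match(line)
            if not pfs:
                continue
            negated, group = pfs.groups()
            bits = GROUP_BITS.get(int(group)) if group and group.isdigit() else None
            if negated:
                findings[current] = "no PFS (default)"
            elif bits is None:
                findings[current] = f"unrecognized group {group}"
            else:
                verdict = "ok" if bits >= min_bits else "below policy"
                findings[current] = f"{verdict}: group {group} ({bits}-bit)"
        else:
            current = None  # unindented line: the profile block has ended
    return findings

if __name__ == "__main__":
    print(audit_pfs(SAMPLE))
```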

    Published: 2014-08-12