[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an IKE Diffie-Hellman Group

Diffie-Hellman is a public-key cryptography scheme that allows two parties to establish a shared secret over an insecure communications channel. It is also used within IKE to establish session keys.

To configure an IKE Diffie-Hellman group, include the dh-group statement at the [edit services ipsec-vpn ike proposal proposal-name] hierarchy level:




dh-group (group1 | group2);

The group can be one of the following:

group1—Specifies that IKE use the 768-bit Diffie-Hellman prime modulus group when performing the new Diffie-Hellman exchange.
group2—Specifies that IKE use the 1024-bit Diffie-Hellman prime modulus group when performing the new Diffie-Hellman exchange.

group2 provides more security but requires more processing time.

[Contents] [Prev] [Next] [Index] [Report an Error]