Diffie-Hellman is a public-key cryptography scheme that allows two parties to establish a shared secret over an insecure communications channel. It is also used within IKE to establish session keys.
To configure an IKE Diffie-Hellman group, include the dh-group statement at the [edit services ipsec-vpn ike proposal proposal-name] hierarchy level:
dh-group (group1 | group2);
The group can be one of the following:
group2 provides more security but requires more processing time.
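The following Python script is an added example, not part of the original documentation or vendor code. It walks a configuration in curly-brace form and reports every IKE proposal at the [edit services ipsec-vpn ike proposal proposal-name] level whose dh-group is not group2. The sample configuration, the proposal names and the function names are constructed for illustration.

```python
# Constructed sample configuration, not taken from the original page.
SAMPLE_CONFIG = """\
services {
    ipsec-vpn {
        ike {
            proposal ike-prop-a {
                dh-group group1;
            }
            proposal ike-prop-b {
                dh-group group2;
            }
            proposal ike-prop-c {
                authentication-method pre-shared-keys;
            }
        }
    }
}
"""
IKE_PATH = ["services", "ipsec-vpn", "ike"]

def proposal_name(path):
    """Proposal name if path is services > ipsec-vpn > ike > proposal NAME, else None."""
    if len(path) == 4 and path[:3] == IKE_PATH and path[3].startswith("proposal "):
        return path[3].split(None, 1)[1]

def ike_dh_groups(config_text):
    """Map each IKE proposal name to its dh-group value (None if not set)."""
    path, groups = [], {}
    for line in map(str.strip, config_text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())  # entering a nested hierarchy level
            if proposal_name(path):
                groups.setdefault(proposal_name(path), None)
        elif line == "}" and path:
            path.pop()  # leaving the current hierarchy level
        elif proposal_name(path) and line.endswith(";"):
            words = line[:-1].split()
            if len(words) == 2 and words[0] == "dh-group":
                groups[proposal_name(path)] = words[1]
    return groups

def audit(config_text):
    """Return (proposal, finding) pairs for every proposal not set to group2."""
    notes = {None: "no dh-group statement", "group1": "group1: group2 provides more security"}
    return [(n, notes.get(g, f"unexpected value {g}"))
            for n, g in sorted(ike_dh_groups(config_text).items()) if g != "group2"]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Proposals with no dh-group statement are reported separately so they can be checked by hand rather than assumed to use either group.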