tunnel pfs group

Syntax

tunnel pfs group { 1 | 2 | 5 }

no tunnel pfs group

Release Information

Command introduced before JunosE Release 7.1.0.

Description

Configures perfect forward secrecy for the IPSec tunnel by assigning a Diffie-Hellman prime modulus group. The no version removes PFS from this tunnel.

Options

• 1—Assigns a 768-bit Diffie-Hellman prime modulus group
• 2—Assigns a 1024-bit Diffie-Hellman prime modulus group
• 5—Assigns a 1536-bit Diffie-Hellman prime modulus group

Mode

Interface Configuration