Cisco Packet Data Gateway (PDG) Troubleshooting Guide
IPSec Transform Set Configuration Mode Commands
Cisco ASR 5000 Series Command Line Interface Reference
OL-22948-01
group
Configure the appropriate key exchange cryptographic strength and activate Perfect Forward Secrecy by applying a
Diffie-Hellman group.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
Configures the default crypto strength to be
and disables Perfect Forward Secrecy.
Configures crypto strength at the Group 1 level. Lowest security.
Configures crypto strength at the Group 2 level. Medium security.
Configures crypto strength at the Group 5 level. Higher security.
Configures crypto strength at the Group 14 level. Highest security.
Applies no group and disables Perfect Forward Secrecy. This is the default.
Usage
Diffie-Hellman groups are used to determine the length of the base prime numbers used during the key
exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the
Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group 14 provides 2048 bits. Selecting a group automatically activates Perfect Forward Secrecy (PFS). The
default value is none, which disables PFS.
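An added example, not from the Cisco guide: a small audit that maps each transform set's group setting to the modulus sizes listed above and flags sets where PFS is off or the group falls below a minimum. The saved-configuration layout (ipsec transform-set blocks closed by #exit), the set names, and the 2048-bit minimum are assumptions.

```python
import re

# Modulus sizes exactly as listed in the Usage text.
GROUP_BITS = {"1": 768, "2": 1024, "5": 1536, "14": 2048}
MIN_BITS = 2048  # assumed site policy, not a value from the guide

# Constructed sample config; block layout and set names are assumptions.
SAMPLE_CONFIG = """\
ipsec transform-set tset-legacy
  group 2
#exit
ipsec transform-set tset-strong
  group 14
#exit
ipsec transform-set tset-default
#exit
ipsec transform-set tset-none
  group none
#exit
"""

def audit_transform_sets(config_text, min_bits=MIN_BITS):
    """Return {set_name: (group, modulus_bits, finding)} for each block."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"ipsec transform-set (\S+)", line)
        setting = re.fullmatch(r"group (\S+)", line)
        if start:
            current = start.group(1)
            groups[current] = "none"  # guide default: no group, PFS off
        elif line == "#exit":
            current = None
        elif current and setting:
            groups[current] = setting.group(1)  # last setting in a block wins
    report = {}
    for name, grp in groups.items():
        bits = GROUP_BITS.get(grp)
        if grp == "none":
            finding = "PFS disabled"
        elif bits is None:
            finding = "unrecognized group"
        elif bits < min_bits:
            finding = "below policy minimum"
        else:
            finding = "ok"
        report[name] = (grp, bits, finding)
    return report

if __name__ == "__main__":
    for name, row in audit_transform_sets(SAMPLE_CONFIG).items():
        print(name, *row)
```

A set with no group line is reported the same way as an explicit none, because the guide states that none is the default.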
Example
This command configures security at Group 2 and activates PFS: