Cisco Cisco Packet Data Gateway (PDG)
none
Applies no group and disables Perfect Forward Secrecy. This is the default.
default
Sets the default Diffie-Hellman group algorithm to none. This also deactivates PFS.
Usage Guidelines
Diffie-Hellman groups are used to determine the length of the base prime numbers used during the key
exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the
Diffie-Hellman group upon which the prime numbers are based.
exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the
Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group14 2048 bits. Selecting a group automatically activates Perfect Forward Secrecy. The default value is
none, which disables PFS
Group14 2048 bits. Selecting a group automatically activates Perfect Forward Secrecy. The default value is
none, which disables PFS
Examples
This command configures security at Group 2 and activates PFS:
group 2
group 2
Command Line Interface Reference, Modes I - Q, StarOS Release 19
98
IPSec Transform Set Configuration Mode Commands
group