Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
IKEv2 Security Association Configuration Mode Commands
▀ group
▄ Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
group
Configure the appropriate key exchange cryptographic strength by applying a Diffie-Hellman group. Default is Group 2.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
Configures crypto strength at the Group 1 level. Lowest security.
Configures crypto strength at the Group 2 (default) level. Medium security.
This is the default setting for this command.
This is the default setting for this command.
Configures crypto strength at the Group 5 level. Higher security.
Configures crypto strength at the Group 14 level. Highest security
Usage
Diffie-Hellman groups are used to determine the length of the base prime numbers used during the key
exchange process in IKEv2. The cryptographic strength of any key derived depends, in part, on the strength
of the Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group 14 provides 2048 bits of encryption strength.
Configuring a DH group also enables Perfect Forward Secrecy, which is disabled by default.
exchange process in IKEv2. The cryptographic strength of any key derived depends, in part, on the strength
of the Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group 14 provides 2048 bits of encryption strength.
Configuring a DH group also enables Perfect Forward Secrecy, which is disabled by default.
Example
This command configures security at the default level (Group 2):
This command configures security at the default level (Group 2):