Cisco Cisco ASR 5000
IPSec Transform Set Configuration Mode Commands
▀ group
▄ Command Line Interface Reference, StarOS Release 18
6652
Usage
Diffie-Hellman groups are used to determine the length of the base prime numbers used during the key
exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the
Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group14 2048 bits. Selecting a group automatically activates Perfect Forward Secrecy. The default value is
none, which disables PFS
exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the
Diffie-Hellman group upon which the prime numbers are based.
Group 1 provides 768 bits of keying strength, Group 2 provides 1024 bits, Group 5 provides 1536 bits and
Group14 2048 bits. Selecting a group automatically activates Perfect Forward Secrecy. The default value is
none, which disables PFS
Example
This command configures security at Group 2 and activates PFS:
group 2