Command Reference Guide
3Com Router 5000 Family and Router 6000 Family pfs ● 189
Command Reference
pfs
Purpose Use the pfs command to enable the Perfect Forward Secrecy (PFS) feature for the IPSec
policy when it initiates a negotiation.
Use the undo pfs command to disable the PFS feature during the negotiation.
Syntax pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }
undo pfs
Parameters dh-group1 Specifies that the 768-bit Diffie-Hellman group is used.
dh-group2 Specifies that the 1024-bit Diffie-Hellman group is used.
dh-group5 Specifies that the 1536-bit Diffie-Hellman group is used.
dh-group14 Specifies that the 2048-bit Diffie-Hellman group is used.
Default By default, no PFS feature is used.
Example Specify that PFS must be used when negotiating through ipsec policy shanghai 200.
[3Com] ipsec policy shanghai 200 isakmp
[3Com-ipsec-policy-isakmp-shanghai-200] pfs dh-group1
View This command can be used in the following views:
■ IPSec Policy view
■ IPSec Policy Template view
Description This command adds a PFS exchange when IPSec uses the ipsec policy to initiate a
negotiation. The additional key exchange is performed during the phase 2 negotiation to
enhance the security of the communication. The DH group specified at the local and remote
ends must be the same; otherwise the negotiation fails.
This command can be used only when the security association is established through IKE.
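As an added example (not part of the 3Com manual), the following Python script parses the pfs lines of a saved configuration written in the syntax shown above and flags isakmp policies that keep the default (no PFS) or use a DH group smaller than a chosen minimum. The configuration text, the policy names and the "#" section separators are constructed for this example.

```python
import re

# Constructed sample configuration (not captured from a device) using the
# pfs syntax from this command reference: one policy with dh-group1,
# one with no pfs line (the default: no PFS), one with dh-group14.
SAMPLE_CONFIG = """\
ipsec policy shanghai 200 isakmp
 pfs dh-group1
#
ipsec policy shanghai 300 isakmp
#
ipsec policy beijing 10 isakmp
 pfs dh-group14
#
"""

# Modulus size in bits for each group accepted by the pfs command.
DH_GROUP_BITS = {"dh-group1": 768, "dh-group2": 1024,
                 "dh-group5": 1536, "dh-group14": 2048}

POLICY_RE = re.compile(r"^ipsec policy (\S+) (\d+) isakmp\s*$")
PFS_RE = re.compile(r"^\s+pfs (dh-group(?:1|2|5|14))\s*$")


def parse_pfs_settings(config_text):
    """Return {(policy_name, seq): dh-group or None} for each isakmp policy."""
    settings = {}
    current = None
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            settings[current] = None  # default: no PFS feature is used
            continue
        if line.strip() == "#":  # constructed end-of-view separator
            current = None
            continue
        m = PFS_RE.match(line)
        if m and current is not None:
            settings[current] = m.group(1)
    return settings


def audit_pfs(config_text, min_bits=2048):
    """Flag policies with no PFS, or a DH group weaker than min_bits."""
    findings = []
    for (name, seq), group in sorted(parse_pfs_settings(config_text).items()):
        if group is None:
            findings.append((name, seq, "no pfs configured (default)"))
        elif DH_GROUP_BITS[group] < min_bits:
            findings.append((name, seq, f"{group} is {DH_GROUP_BITS[group]}-bit"))
    return findings
```

Because both ends must specify the same group, run the audit against the configurations of both peers before raising the minimum on either side.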
Related Commands ■ ipsec policy (Interface view)
■ ipsec policy (System view)
■ ipsec policy-template