ike policy WORD<1–32> p2-pfs

Enables the Phase 2 perfect forward secrecy.

Syntax

default ike policy WORD<1–32> p2–pfs [dh-group] [use-ike-group]
ike policy WORD<1–32> p2–pfs <disable | enable> [dh-group <modp768 | modp1024 | modp2048 | any>] [use-ike-group <disable | enable>]
no ike policy WORD<1-32> [p2-pfs]

Command Parameters

dh-group <modp768|modp1024|modp2048|any>: Configures the Diffie-Hellman (DH) group to be used for Phase 2 perfect forward secrecy (PFS). The default value is modp2048.
use-ike-group <enable|disable>: Specifies whether to use the IKE Phase 1 DH group for Phase 2 PFS. The default is enable.
WORD<1–32>: Specifies the name of the IKE Phase 1 policy.

Default

None

Command Mode

Global Configuration

Usage Guidelines

DEMO FEATURE - Secure AAA server communication is a demonstration feature on some products. Demonstration features are provided for testing purposes. Demonstration features are for lab use only and are not for use in a production environment. For more information on feature support, see Fabric Engine and VOSS Feature Support Matrix.