Navigation
perfect-forward-secrecy (Services IPsec VPN)
Syntax
perfect-forward-secrecy {keys (group1 | group2 | group5 | group14 | group19 | group20);}
Hierarchy Level
Release Information
Statement introduced before Junos OS Release 7.4.
Description
Define Perfect Forward Secrecy (PFS). Creates single-use keys. This statement is optional.
Options
keys—Type of Diffie-Hellman prime modulus group that IKE uses when performing the new Diffie-Hellman exchange. The key can be one of the following:
- group1—768-bit.
- group2—1024-bit.
- group5—1536-bit.
- group14—2048-bit.
- group19—256-bit random Elliptic Curve Group.
- group20—-384-bit random Elliptic Curve Group.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
