dh-group (Security IKE)
Syntax
dh-group (group1 | group2 | group5 | group14 | group15 | group16 | group19 | group20 | group21 | group24);
Hierarchy Level
[edit security ike proposal proposal-name]
Description
Specify the IKE Diffie-Hellman group.
The device does not delete existing IPsec SAs when you update the dh-group
configuration in the IKE proposal.
Options
dh-group—Diffie-Hellman group for key establishment.
- group1—768-bit Modular Exponential (MODP) algorithm.
- group2—1024-bit MODP algorithm.
- group5—1536-bit MODP algorithm.
- group14—2048-bit MODP group.
- group15—3072-bit MODP algorithm.
- group16—4096-bit MODP algorithm.
- group19—256-bit random Elliptic Curve Groups modulo a Prime (ECP groups) algorithm.
- group20—384-bit random ECP groups algorithm.
- group21—521-bit random ECP groups algorithm.
- group24—2048-bit MODP Group with 256-bit prime order subgroup.
We recommend that you use group14, group15, group16, group19, group20, or group21 instead of group1, group2, or group5.
We support the group15, group16, and group21 options only with the iked process when the junos-ike package is installed.
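An added example (not part of the Juniper documentation): a Python check that applies the recommendation above to set-format configuration statements and reports the dh-group verdict for each IKE proposal. The proposal names and the sample configuration are constructed, and only set-format lines are parsed.

```python
# Classification taken from the recommendation on this page.
NOT_RECOMMENDED = {"group1", "group2", "group5"}
RECOMMENDED = {"group14", "group15", "group16", "group19", "group20", "group21"}
NEEDS_JUNOS_IKE = {"group15", "group16", "group21"}  # iked with junos-ike only
PREFIX = ["set", "security", "ike", "proposal"]

def audit_dh_groups(config_text):
    """Return {proposal: (dh_group or None, verdict)} for set-format config."""
    groups = {}
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:4] != PREFIX or len(parts) < 5:
            continue
        groups.setdefault(parts[4], None)  # remember proposals with no dh-group
        if len(parts) == 7 and parts[5] == "dh-group":
            groups[parts[4]] = parts[6]  # a later statement overrides an earlier one
    report = {}
    for name, group in groups.items():
        if group is None:
            verdict = "no dh-group statement"
        elif group in NOT_RECOMMENDED:
            verdict = "not recommended"
        elif group in RECOMMENDED:
            verdict = "recommended"
            if group in NEEDS_JUNOS_IKE:
                verdict += " (requires junos-ike)"
        else:
            # For example group24, which the page neither recommends nor discourages.
            verdict = "not covered by the recommendation"
        report[name] = (group, verdict)
    return report

# Constructed sample configuration; proposal names are hypothetical.
SAMPLE = """\
set security ike proposal legacy-peer authentication-method pre-shared-keys
set security ike proposal legacy-peer dh-group group2
set security ike proposal branch dh-group group14
set security ike proposal dc-core dh-group group21
set security ike proposal partner dh-group group24
set security ike proposal lab encryption-algorithm aes-256-cbc
"""

if __name__ == "__main__":
    for name, (group, verdict) in audit_dh_groups(SAMPLE).items():
        print(f"{name:12} {group or '-':8} {verdict}")
```

Because the device does not delete existing IPsec SAs when the dh-group configuration changes, a proposal that now passes this check can still have SAs negotiated under the previous group.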
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Support for the group14 option added in Junos OS Release 11.1.
Support for group19, group20, and group24 options added in Junos OS Release 12.1X45-D10.
Support for group19 and group20 options added in Junos OS Release 15.1X49-D70 for vSRX Virtual Firewall.
Support for group15, group16, and group21 options added in Junos OS Release 19.1R1 on SRX5000 line of devices with junos-ike package installed.
Starting in Junos OS Release 20.2R1, we’ve changed the help text description to NOT RECOMMENDED for the CLI options group1, group2, and group5 for devices running IKED with the junos-ike package installed.
Support for group15, group16, and group21 options added in Junos OS Release 20.3R1 on vSRX Virtual Firewall instances with junos-ike package installed.
Support for group15, group16, and group21 options added in Junos OS Release 21.1R1 on vSRX Virtual Firewall 3.0 instances with junos-ike package installed.