Cisco 5510 Getting Started Guide - Page 160
Configuring IPsec Encryption and Authentication Parameters, Enable Perfect Forwarding Secrecy PFS
![]() |
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 160 highlights
Implementing the Site-to-Site Scenario Chapter 12 Scenario: Site-to-Site VPN Configuration Configuring IPsec Encryption and Authentication Parameters In Step 4 of the VPN Wizard, perform the following steps: Step 1 Choose the encryption algorithm (DES/3DES/AES) from the Encryption drop-down list, and the authentication algorithm (MD5/SHA) from the Authentication drop-down list. Step 2 Check the Enable Perfect Forwarding Secrecy (PFS) check box to specify whether to use perfect forwarding secrecy, and the size of the numbers to use from the Diffie-Hellman Group drop-down list, in generating Phase 2 IPsec keys. PFS is a cryptographic concept where each new key is unrelated to any previous key. In IPsec negotiations, Phase 2 keys are based on Phase 1 keys unless PFS is enabled. PFS uses Diffie-Hellman techniques to generate the keys. 12-8 Cisco ASA 5500 Series Getting Started Guide 78-19186-01
![](/manual_guide/products/cisco-5510-getting-started-guide-a35054b/160.png)