354
dh group14
undo dh
Default
In non-FIPS mode, group1, the 768-bit Diffie-Hellman group, is used.
In FIPS mode, group14, the 2048-bit Diffie-Hellman group, is used.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
group1: Uses the 768-bit Diffie-Hellman group.
group14: Uses the 2048-bit Diffie-Hellman group.
group2: Uses the 1024-bit Diffie-Hellman group.
group24: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group5: Uses the 1536-bit Diffie-Hellman group.
Usage guidelines
A DH group that uses more bits provides higher security but needs more time for processing. To achieve
the best trade-off between processing performance and security, choose a proper Diffie-Hellman group
for your network.
Examples
# Specify the 2048-bit Diffie-Hellman group group1 to be used in key negotiation phase 1 for an IKE
proposal.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] dh group14
Related commands
display ike proposal
display ike proposal
Use display ike proposal to display configuration information about all IKE proposals.
Syntax
display ike proposal
Views
Any view
Predefined user roles
network-admin
network-operator
To Next Page
Loading...
Need help?
General
