Chapter 12 Scenario: Site-to-Site VPN Configuration
Implementing the Site-to-Site Scenario
12-8
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Configuring IPsec Encryption and Authentication Parameters
In Step 4 of the VPN Wizard, perform the following steps:
Step 1 Choose the encryption algorithm (DES/3DES/AES) from the Encryption
drop-down list, and the authentication algorithm (MD5/SHA) from the
Authentication drop-down list.
Step 2 Check the Enable Perfect Forwarding Secrecy (PFS) check box to specify
whether to use perfect forwarding secrecy, and the size of the numbers to use from
the Diffie-Hellman Group drop-down list, in generating Phase 2 IPsec keys.
PFS is a cryptographic concept where each new key is unrelated to any previous
key. In IPsec negotiations, Phase 2 keys are based on Phase 1 keys unless PFS is
enabled. PFS uses Diffie-Hellman techniques to generate the keys.
To Next Page
Loading...
