dh
Use dh to specify the DH group to be used in key negotiation phase 1 for an IKE proposal.
Use undo dh to restore the default.
Syntax
In non-FIPS mode:
dh { group1 | group14 | group2 | group24 | group5 }
undo dh
In FIPS mode:
dh group14
undo dh
Default
In non-FIPS mode, group1, the 768-bit Diffie-Hellman group, is used.
In FIPS mode, group14, the 2048-bit Diffie-Hellman group, is used.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
group1: Uses the 768-bit Diffie-Hellman group.
group14: Uses the 2048-bit Diffie-Hellman group.
group2: Uses the 1024-bit Diffie-Hellman group.
group24: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group5: Uses the 1536-bit Diffie-Hellman group.
Usage guidelines
A DH group with a larger modulus provides stronger key exchange but takes longer to compute. Choose the
Diffie-Hellman group that gives the best trade-off between processing performance and security for your
network. Both IKE peers must agree on the DH group, because the DH group is part of the proposal that is
matched during negotiation, so configure a matching group on each peer. The non-FIPS default group1
(768-bit) and group2 (1024-bit) are widely regarded as too weak for current use; use group14 or stronger
wherever the peer supports it.
Examples
# Specify the 2048-bit Diffie-Hellman group group14 to be used in key negotiation phase 1 for an IKE
proposal.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] dh group14