Manualshelf

HP VPN Firewall Appliances VPN Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
919293949596979899100
86
Default
No IPsec transform set exists.
Views
System view
Default command level
2: System level
Parameters
transform-set-name: Specifies the name of an IPsec transform set, a case-insensitive string of 1 to 32
characters.
Examples
# Create an IPsec transform set named tran1 and enter its view.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1]
Related commands
display ipsec transform-set
pfs
Use pfs to enable and configure the perfect forward secrecy (PFS) feature so that the system uses the
feature when employing the IPsec policy or IPsec profile to initiate a negotiation.
Use undo pfs to remove the configuration.
Syntax
pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }
undo pfs
Default
The PFS feature is not used for negotiation.
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Default command level
2: System level
Parameters
dh-group1: Uses 768-bit Diffie-Hellman group. This keyword is not available for FIPS mode.
dh-group2: Uses 1024-bit Diffie-Hellman group.
dh-group5: Uses 1536-bit Diffie-Hellman group.
dh-group14: Uses 2048-bit Diffie-Hellman group.