Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
Remote VPN client:
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#peer 1 ikev1 RemoteIKEv1Peer1
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context
crypto map test 2 ipsec-isakmp dynamic
peer 1 ikev1 RemoteIKEv1Peer1
local-endpoint-ip 157.235.204.62
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#
pfs
crypto-map auto-vpn-tunnel/remote-vpn-client instance
Configures Perfect Forward Secrecy (PFS) for the auto site-to-site VPN tunnel or remote VPN
client.
PFS is a key-establishment protocol used to secure VPN communications. If one encryption key is
compromised, only data encrypted by that specific key is compromised. For PFS to exist, the key
used to protect data transmissions must not be used to derive any additional keys. Options include
D-H groups 2, 5 and 14. The option is disabled by default.
Supported in the following platforms:
• Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point
• Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000
• Service Platforms — Brocade Mobility RFS9510
Syntax:
pfs [14|2|5]
Parameters
pfs [14|2|5]
Configures the PFS
• 14 – Configures D-H Group14 (2048-bit modp)
• 2 – Configures D-H Group2 (1024-bit modp)
• 5 – Configures D-H Group5 (1536-bit modp)
Example
Site-to-site VPN tunnel:
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#pfs 5
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context
crypto map test 1 ipsec-isakmp
peer 1 ikev2 ikev2Peer1
local-endpoint-ip 192.168.13.10
pfs 5
ip nat crypto
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#
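Because pfs is disabled by default and two of the three groups use a modulus shorter than 2048 bits, saved "show context" output is worth auditing. The following Python check is an added example, not part of the Brocade guide: it reads crypto map entries in the format shown on this page and reports entries with no pfs line or a small D-H group. The 2048-bit minimum and the names audit_pfs, MIN_BITS and SAMPLE are assumptions of this example.

```python
import re

# D-H group -> modulus size in bits, as listed in the pfs parameter description.
DH_GROUP_BITS = {2: 1024, 5: 1536, 14: 2048}
MIN_BITS = 2048  # assumed audit policy threshold, not a value from the guide

MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic)?\s*$")
PFS_RE = re.compile(r"^pfs (\d+)\s*$")

# Constructed sample: the two "show context" outputs from this page, concatenated.
SAMPLE = """\
crypto map test 1 ipsec-isakmp
 peer 1 ikev2 ikev2Peer1
 local-endpoint-ip 192.168.13.10
 pfs 5
 ip nat crypto
crypto map test 2 ipsec-isakmp dynamic
 peer 1 ikev1 RemoteIKEv1Peer1
 local-endpoint-ip 157.235.204.62
"""

def audit_pfs(config_text, min_bits=MIN_BITS):
    """Return one (map_name, sequence, status, detail) tuple per crypto map entry."""
    entries = []  # each item: [name, seq, pfs_group or None]
    for raw in config_text.splitlines():
        line = raw.strip()
        m = MAP_RE.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), None])
            continue
        p = PFS_RE.match(line)
        if p and entries:
            entries[-1][2] = int(p.group(1))  # pfs belongs to the latest map entry
    findings = []
    for name, seq, group in entries:
        bits = DH_GROUP_BITS.get(group)
        if group is None:
            findings.append((name, seq, "no-pfs", "pfs not set (disabled by default)"))
        elif bits is None:
            findings.append((name, seq, "unknown-group", f"pfs {group}"))
        else:
            status = "ok" if bits >= min_bits else "weak-group"
            findings.append((name, seq, status, f"pfs {group} ({bits}-bit modp)"))
    return findings

if __name__ == "__main__":
    for finding in audit_pfs(SAMPLE):
        print(*finding)
```

Prompt lines and other commands in a pasted session are ignored, so the full terminal capture can be passed in unchanged.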