How to check whether PFS is enabled or disabled:
(Aruba7210) #show crypto-local ipsec-map
Crypto Map Template"test" 100
IKE Version: 1
IKEv1 Policy: All
Security association lifetime seconds : [300 -86400]
Security association lifetime kilobytes: N/A
PFS (Y/N): N <-- PFS is disabled here
Transform sets={ default-transform }
Peer gateway: 0.0.0.0
Interface: VLAN 0
Source network: 0.0.0.0/0.0.0.0
Destination network: 0.0.0.0/0.0.0.0
Pre-Connect (Y/N): N
Tunnel Trusted (Y/N): N
Forced NAT-T (Y/N): N
How to enable PFS for an IPsec tunnel:
(Aruba7210) #configure terminal
(Aruba7210) (config) #crypto-local ipsec-map test 100
(Aruba7210) (config-ipsec-map)# set pfs
Note: If we decide to enable PFS (as additional security for the
IPsec tunnel), we need to enable it on both ends (initiator and
responder).
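Added example (not part of the original post and not Aruba code): a small Python audit helper that parses saved "show crypto-local ipsec-map" output, lists the maps with PFS off, and checks that a map on the initiator and its counterpart on the responder agree. The second map "branch", the "Y" value printed for an enabled map, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format shown above; the "Y" value for an enabled
# map and the second map "branch" are assumptions.
SAMPLE = """\
(Aruba7210) #show crypto-local ipsec-map
Crypto Map Template"test" 100
IKE Version: 1
PFS (Y/N): N
Peer gateway: 0.0.0.0
Crypto Map Template"branch" 200
IKE Version: 1
PFS (Y/N): Y
Peer gateway: 0.0.0.0
"""

MAP_RE = re.compile(r'^Crypto Map Template\s*"([^"]+)"\s+(\d+)')
PFS_RE = re.compile(r'^PFS \(Y/N\):\s*(\S+)')

def parse_ipsec_maps(text):
    """Return one dict per map: name, priority, pfs (True/False/None)."""
    maps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = MAP_RE.match(line)
        if m:  # a new map block starts here
            current = {"name": m.group(1), "priority": int(m.group(2)), "pfs": None}
            maps.append(current)
            continue
        m = PFS_RE.match(line)
        if m and current is not None:
            current["pfs"] = m.group(1).upper().startswith("Y")
    return maps

def maps_without_pfs(text):
    """Names of maps where PFS is off or no PFS line was found."""
    return [m["name"] for m in parse_ipsec_maps(text) if m["pfs"] is not True]

def pfs_matches(init_text, init_map, resp_text, resp_map):
    """True only if both named maps were found and have the same PFS setting."""
    a = {m["name"]: m["pfs"] for m in parse_ipsec_maps(init_text)}
    b = {m["name"]: m["pfs"] for m in parse_ipsec_maps(resp_text)}
    return a.get(init_map) is not None and a.get(init_map) == b.get(resp_map)

if __name__ == "__main__":
    print("PFS disabled on:", maps_without_pfs(SAMPLE))
```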