Diffie-Hellman groups with or without perfect forward secrecy
(PFS):
No PFS—This option specifies that the firewall reuses the
same key for IKE phase 1 and phase 2 instead of renewing the
key for phase 2. Group 1 (768-bit keys) with PFS enabled Group 2 (1024-bit keys) with PFS enabled Group 5 (1536-bit keys) with PFS enabled Group 14 (2048-bit keys) with PFS enabled Group 15 (3072-bit modular exponential group) Group 16 (4096-bit modular exponential group) Group 19 (256-bit elliptic curve group) with PFS enabled Group 20 (384-bit elliptic curve group) with PFS enabled Group 21 (512-bit random elliptic curve group)
|