Crossroads305
asked on
I am using the ASDM VPN Wizard on my ASA 5505. I'm not sure if I should check Enable Perfect Forwarding Secrecy (PFS)?
I am creating a VPN between a Cisco ASA 5505 and a Cisco 2801 Router. When I am going through the VPN Wizard on the ASA, it has a check box that is checked by default that says "Enable Perfect Forwarding Secrecy (PFS)". I didn't see anything like that on the 2801. Do I leave that checked on the ASA? When I do leave it checked, I have this entry on my crypto map: "crypto map outside_map 1 set pfs group 1". There is nothing like that on the 2801 side. The ASA is not in production yet; that's why I haven't tested it to see if it works the way I have it configured now. I'm trying to get it preconfigured and wasn't sure what the above meant, or if I needed it. Thanks
ASKER
The end point is a Cisco 2801. I don't see PFS being used on the 2801 side, so I won't use it on the ASA side. Thanks
ASKER
Thanks
Just make sure that both sides match exactly.
Perfect Forward Secrecy (PFS) allows you to add an additional security parameter to tunnel sessions. PFS means that every time encryption and/or authentication keys are computed, a new Diffie-Hellman Key Exchange is included.
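One way to check the "both sides match exactly" advice before the ASA goes into production, as an added example that is not part of the original thread: a short Python script that reads the PFS setting out of an ASA config and an IOS router config and compares them. The config snippets are constructed samples; the IOS map name `VPN_MAP`, the transform-set name, the addresses and the function names are assumptions.

```python
import re
# Constructed sample configs for illustration (not taken from the thread).
ASA_CONFIG = """\
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group 1
crypto map outside_map 1 set peer 192.0.2.10
"""
IOS_CONFIG = """\
crypto map VPN_MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set ESP-3DES-SHA
 match address 100
"""

ASA_PFS = re.compile(r"^crypto map (\S+) (\d+) set pfs(?:\s+group\s*(\d+))?\s*$")
IOS_MAP = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
IOS_PFS = re.compile(r"^\s+set pfs(?:\s+group\s*(\d+))?\s*$")

def asa_pfs(config):
    """Return {(map, seq): group} for ASA one-line crypto map entries with PFS."""
    found = {}
    for line in config.splitlines():
        m = ASA_PFS.match(line)
        if m:  # "default" means 'set pfs' was given without an explicit group
            found[(m.group(1), int(m.group(2)))] = m.group(3) or "default"
    return found

def ios_pfs(config):
    """Return {(map, seq): group} for IOS crypto map blocks that set PFS."""
    found, current = {}, None
    for line in config.splitlines():
        header = IOS_MAP.match(line)
        if header:
            current = (header.group(1), int(header.group(2)))
        elif not line.startswith(" "):
            current = None  # left the crypto map block
        elif current and (m := IOS_PFS.match(line)):
            found[current] = m.group(1) or "default"
    return found

def compare(asa_group, ios_group):
    """Each argument is a DH group string, "default", or None when PFS is off."""
    if asa_group is None and ios_group is None:
        return "match: PFS disabled on both peers"
    if asa_group is None or ios_group is None:
        return "MISMATCH: PFS enabled on one peer only"
    if "default" in (asa_group, ios_group):
        return "CHECK: group left implicit; set it explicitly on both peers"
    verdict = "match" if asa_group == ios_group else "MISMATCH"
    return f"{verdict}: PFS group ASA={asa_group} IOS={ios_group}"
```

With the sample configs, `compare(asa_pfs(ASA_CONFIG).get(("outside_map", 1)), ios_pfs(IOS_CONFIG).get(("VPN_MAP", 10)))` reports the one-sided PFS setting described in the question.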