Filter
Top Products
Chapter 17 IP Security
IPSec Policies
17-6
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Enable Perfect Forwarding Secrecy
When security keys are derived from previously generated keys, there is a security
problem, because if one key is compromised, then the others can be compromised
also. Perfect Forwarding Secrecy (PFS) guarantees that each key is derived
independently. It thus ensures that if one key is compromised, no other keys will
be. If you enable PFS, you can specify use of the Diffie-Hellman group1, group2,
or group5 method.
Note If your router does not support group5, it will not appear in the list.
Enable Reverse Route Injection
Reverse Route Injection (RRI) is used to populate the routing table of an internal
router running Open Shortest Path First (OSPF) protocol or Routing Information
Protocol (RIP) for remote VPN clients or LAN-to-LAN sessions.
Reverse Route Injection dynamically adds static routes to the clients connected to
the Easy VPN server.
Add or Edit Crypto Map: Peer Information
A crypto map includes the hostnames or IP addresses of the peers involved in the
security association. This screen allows you to add and remove peers associated
with this crypto map. Multiple peers provide the router with multiple routes for
encrypted data.
If you want to: Do this:
Add a peer to the Current List. Enter the IP address or host name of the peer, and click Add.
Remove a peer from the Current List. Select the peer, and click Remove.