Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

group

vpn interface ike group—Configure the Diffie-Hellman group number to be used in the IKE key exchange (on vEdge routers only). IKE key exchange is done in a Diffie-Hellman exchange.

Command Hierarchy

vpn vpn-id
  interface ipsecnumber
    ike
      group number

Options

Group Number
number
Diffie-Hellman group number to use in key exchange. The number to use depends on the length of the Diffie-Hellman key. It can be one of the following values:
• 2—Use the 1024-bit more modular exponential (MODP) Diffie-Hellman group.
• 14—Use the 2048-bit MODP Diffie-Hellman group.
• 15—Use the 3072-bit MODP Diffie-Hellman group.
• 16—Use the 4096-bit MODP Diffie-Hellman group.
Default: 16

Example

Change the IKEv1 Diffie-Hellman group number to 15:

vEdge(config)# vpn 1 interface ipsec1 ike
vEdge(config-ike)# group 15

Release Information

Command introduced in Viptela Software Release 17.2.​

Additional Information

See the Configuring IKE article for your software release.
mode

  • Was this article helpful?