Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Regarding Perfect Forward Secracy

Can anyone explains the exact meaning of Perfect Forward Secracy in simple terms and detailed manner


Re: Regarding Perfect Forward Secracy

Have a look at this link, it will help you understand basics of IP Security

I quote from above link!

Perfect Forward Secrecy (PFS)-PFS ensures that a given IPsec SA key was not derived from any other secret, like some other keys. In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPsec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPsec SAs setup by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPsec. The attacker needs to break each IPsec SA individually. The Cisco IOS IPsec implementation uses PFS group 1 (D-H 768 bit) by default.

Also reference this thread's answer well put together.


Rate any helpful posts


Re: Regarding Perfect Forward Secracy

I have an issue with this statement "The Cisco IOS IPsec implementation uses PFS group 1 (D-H 768 bit) by default."

Does it mean that when I have a site-2-site

VPN between a Cisco IOS router and a Checkpoint

Firewall, PFS group 1, by default, is enable

on the Cisco's side?

If this is true, if I disable PFS on the

Checkpoint's side, in theory, the VPN tunnel

will fail right?

I find that the oposite is true. In other words, if I disable PFS on the checkpoint's

side, then the VPN tunnel will work; if I

enable PFS on the Checkpoint's side, VPN

tunnel will fail, unless I explicitly perform

"pfs group1" on the Cisco to get the VPN


Am I missing something?

Re: Regarding Perfect Forward Secracy

Hi David, I believe what it means when you enable pfs and don't specify which DH group be used when setting PFS type in Ipsec policy it defaults to DH group 1 768bit

router-3640(config)#crypto map mymap 21

router-3640(config)#crypto map mymap 21

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.


router-364(config-crypto-map)#set ?

identity Identity restriction.

isakmp-profile Specify isakmp Profile

peer Allowed Encryption/Decryption peer.

pfs Specify pfs settings

security-association Security association parameters

transform-set Specify list of transform sets in priority order

router-364(config-crypto-map)#set pf

router-364(config-crypto-map)#set pfs ?

group1 D-H Group1 (768-bit modp)

group2 D-H Group2 (1024-bit modp)

group5 D-H Group5 (1536-bit modp)

router-364(config-crypto-map)#set pfs


router-364(config-crypto-map)#set pfs <- Pressed ENTER alone

show run

crypto ipsec transform-set test esp-des esp-md5-hmac


crypto map mymap 21 ipsec-isakmp

! Incomplete

set pfs group1

If this is true, if I disable PFS on the

Checkpoint's side, in theory, the VPN tunnel

will fail right?

I agree with you on this one, If you have PFS enable in one end and not the other end tunnel will not form becuse policy will not match.

New Member

Re: Regarding Perfect Forward Secracy

OK Thanks

Will that mean that in case of PFS IPSec SA will use its own keys(not derived from IKE SA Keys) OR PFS will just protect the IPSec keys from getting broken though the IPSec keys are derived from IKE SA keys