tmnxIPsecTransformPfsDhGroup
TIMETRA-IPSEC-MIB ·
.1.3.6.1.4.1.6527.3.1.2.48.2.1.6
Object
column
r/w
TmnxIPsecTransformPfsDhGrp
The value of tmnxIPsecTransformPfsDhGroup specifies the Diffie-hellman
(DH) key exchange to be used each time the Security Association (SA)
key is renegotiated. After the SA expires, the key is forgotten and
another key is generated (if the SA remains up). This means that an
attacker who cracks part of the exchange can only read the part that
used the key before the key changed. There is no advantage of cracking
the other parts if the attacker has already cracked one.
The value of 'inherit (-1)' specifies that the IPsec tunnel or gateway
which refers to this IPsec transform will reuse the DH group
configurations from its associated IKE policy table
(tmnxIkePolicyTable). Specifically, if the value of
tmnxIkePolicyPFSEnabled is 'true (1)', the IPsec transform will use
the value of tmnxIkePolicyPFSDHGroup. If the value of
tmnxIkePolicyPFSEnabled is 'false (2)', the IPsec transform doesn't
use any DH group.
Context
- MIB
- TIMETRA-IPSEC-MIB
- OID
.1.3.6.1.4.1.6527.3.1.2.48.2.1.6- Type
- column
- Access
- readwrite
- Status
- current
- Parent
- tmnxIPsecTransformEntry
Syntax
TmnxIPsecTransformPfsDhGrp
Values & Constraints
No enumerated values or constraints recorded.