topic hi, in Network Security https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934734#M144344 <P>hi,</P> <P>PFS in ASA (for IKE phase 2) is disabled by default.</P> <P>you just manually choose which DH group to use for PFS.</P> Wed, 14 Dec 2016 02:28:28 GMT johnlloyd_13 2016-12-14T02:28:28Z Perfect Forward Secrecy (PFS) https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934732#M144340 <P>Hi,</P> <P></P> <P>In router for the PFS, default group is 1.. How about in ASA firewall, which group is default for the PFS.</P> Tue, 12 Mar 2019 08:38:10 GMT https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934732#M144340 Santhosh PS 2019-03-12T08:38:10Z Hi Santhosh, https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934733#M144342 <P>Hi Santhosh,</P> <P>The ASA uses PFS as an optional command - I do not believe there is a default.</P> <P></P> <P>You can type "show run all" to see all hidden and default commands on the ASA</P> <P></P> <P>Here is a link about IPSEC</P> <P>http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html</P> Tue, 13 Dec 2016 19:14:17 GMT https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934733#M144342 John Forester 2016-12-13T19:14:17Z hi, https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934734#M144344 <P>hi,</P> <P>PFS in ASA (for IKE phase 2) is disabled by default.</P> <P>you just manually choose which DH group to use for PFS.</P> Wed, 14 Dec 2016 02:28:28 GMT https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934734#M144344 johnlloyd_13 2016-12-14T02:28:28Z PFS uses DH policy of 1,2,5.. https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934735#M144345 <P>PFS uses DH policy of 1,2,5.. Just wanted to know, If we give just set pfs, which default DH policy it will take up.</P> Wed, 14 Dec 2016 06:49:21 GMT https://community.cisco.com/t5/network-security/perfect-forward-secrecy-pfs/m-p/2934735#M144345 Santhosh PS 2016-12-14T06:49:21Z