H3C MSR Series

To Next Page

To Previous Page

515

Field

Description

Mode

Negotiation mode of the IPsec policy:

• Manual—Manual mode.

• ISAKMP—IKE negotiation mode.

• Template—IPsec policy template mode.

• GDOI—GDOI mode.

The policy configuration is incomplete

IPsec policy configuration incomplete. Possible causes include:

• The ACL is not configured.

• The IPsec transform set is not configured.

• The ACL does not have any permit statements.

• The IPsec transform set configuration is not complete.

• The peer IP address of the IPsec tunnel is not specified.

• The SPI and key of the IPsec SA do not match those in the

IPsec policy.

Description Description of the IPsec policy.

Traffic Flow Confidentiality Whether Traffic Flow Confidentiality (TFC) padding is enabled.

Security data flow ACL used by the IPsec policy.

Selector mode

Data flow protection mode of the IPsec policy:

• standard

• aggregation

• per-host

Local address

Local end IP address of the IPsec tunnel (available only for the

IKE-based IPsec policy).

Remote address Remote end IP address or host name of the IPsec tunnel.

Transform set Transform set used by the IPsec policy.

IKE profile IKE profile used by the IPsec policy.

IKEv2 profile IKEv2 profile used by the IPsec policy.

SA duration(time based) Time-based IPsec SA lifetime, in seconds.

SA duration(traffic based) Traffic-based IPsec SA lifetime, in kilobytes.

SA idle time Idle timeout of the IPsec SA, in seconds.

AH string-key

AH string key. This field displays ****** if the key is configured

and it is empty if the key is not configured.

AH authentication hex key

AH authentication hexadecimal key. This field displays ****** if

the key is configured and it is empty if the key is not configured.

ESP string-key

ESP string key. This field displays ****** if the key is configured

and it is empty if the key is not configured.

ESP encryption hex key

ESP encryption hexadecimal key. This field displays ****** if the

key is configured and it is empty if the key is not configured.

ESP authentication hex key

ESP authentication hexadecimal key. This field displays ****** if

the key is configured and it is empty if the key is not configured.

Group name

GDOI GM group used by the IPsec policy.

This field is displayed when the negotiation mode is GDOI.

Related commands

ipsec { ipv6-policy | policy }

Main Page

Table of Contents

Other manuals for H3C MSR Series

Related product manuals