Mode
Negotiation mode of the IPsec policy:
• Manual—Manual mode.
• ISAKMP—IKE negotiation mode.
• Template—IPsec policy template mode.
• GDOI—GDOI mode.
The policy configuration is incomplete
The IPsec policy configuration is incomplete. Possible causes include:
• The ACL is not configured.
• The IPsec transform set is not configured.
• The ACL does not have any permit statements.
• The IPsec transform set configuration is not complete.
• The peer IP address of the IPsec tunnel is not specified.
• The SPI and key of the IPsec SA do not match those in the
IPsec policy.
Description
Description of the IPsec policy.
Traffic Flow Confidentiality
Whether Traffic Flow Confidentiality (TFC) padding is enabled.
Security data flow
ACL used by the IPsec policy.
Selector mode
Data flow protection mode of the IPsec policy:
• standard
• aggregation
• per-host
Local address
Local end IP address of the IPsec tunnel (available only for the
IKE-based IPsec policy).
Remote address
Remote end IP address or host name of the IPsec tunnel.
Transform set
Transform set used by the IPsec policy.
IKE profile
IKE profile used by the IPsec policy.
IKEv2 profile
IKEv2 profile used by the IPsec policy.
SA duration(time based)
Time-based IPsec SA lifetime, in seconds.
SA duration(traffic based)
Traffic-based IPsec SA lifetime, in kilobytes.
SA idle time
Idle timeout of the IPsec SA, in seconds.
AH string-key
AH string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
AH authentication hex key
AH authentication hexadecimal key. This field displays ****** if
the key is configured and it is empty if the key is not configured.
ESP string-key
ESP string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
ESP encryption hex key
ESP encryption hexadecimal key. This field displays ****** if the
key is configured and it is empty if the key is not configured.
ESP authentication hex key
ESP authentication hexadecimal key. This field displays ****** if
the key is configured and it is empty if the key is not configured.
Group name
GDOI GM group used by the IPsec policy.
This field is displayed when the negotiation mode is GDOI.
Related commands
ipsec { ipv6-policy | policy }