ESP supports three IP packet protection schemes: encryption only, authentication only, or both encryption
and authentication. The undo esp encryption-algorithm command takes effect only if no authentication
algorithm is used.
Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify 3DES as the encryption algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des
ipsec policy
Syntax
ipsec policy policy-name seq-number [ manual ]
undo ipsec policy policy-name [ seq-number ]
View
System view
Default level
2: System level
Parameters
policy-name: Name for the IPsec policy, a case-insensitive string of 1 to 15 characters. Valid characters
are English letters and numbers. No minus sign (-) can be included.
seq-number: Sequence number for the IPsec policy, in the range 1 to 65535.
manual: Sets up SAs manually.
Description
Use the ipsec policy command to create an IPsec policy and enter its view.
Use the undo ipsec policy command to delete the specified IPsec policies.
By default, no IPsec policy exists.
Specify the generation mode when you create an IPsec policy. You do not need to specify it when you
access an existing IPsec policy.
You cannot change the generation mode of an existing IPsec policy; you can only delete the policy and
then re-create it with the new mode.
IPsec policies with the same name constitute an IPsec policy group. An IPsec policy is identified uniquely
by its name and sequence number. In an IPsec policy group, an IPsec policy with a smaller sequence
number has a higher priority.
Using the undo ipsec policy command without the seq-number argument deletes an IPsec policy group.
Related commands: display ipsec policy.
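The naming, grouping, and priority rules above can be checked mechanically when auditing saved configuration text. The following Python sketch is an added example, not part of this manual or of the device software; the sample lines and the names parse_policies, priority_order, and undo_policy are constructed for illustration.

```python
import re

# Constructed sample configuration lines (not taken from the manual).
SAMPLE = """\
ipsec policy policy1 20 manual
ipsec policy Policy1 10 manual
ipsec policy branch 5 manual
ipsec policy bad-name 10 manual
ipsec policy branch 70000 manual
ipsec policy averyveryverylongname 1 manual
"""

LINE_RE = re.compile(r"ipsec policy (\S+) (\S+)( manual)?")
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")   # letters and numbers, 1 to 15 chars
SEQ_RE = re.compile(r"[0-9]+")

def parse_policies(text):
    """Return (groups, errors); groups maps lower-cased name -> {seq: manual}."""
    groups, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.fullmatch(line.strip())
        if m is None:
            continue                      # not an "ipsec policy" line
        name, seq, manual = m.group(1), m.group(2), m.group(3) is not None
        if NAME_RE.fullmatch(name) is None:
            errors.append((lineno, "invalid policy-name"))
        elif SEQ_RE.fullmatch(seq) is None or not 1 <= int(seq) <= 65535:
            errors.append((lineno, "seq-number out of range"))
        else:
            # Names are case-insensitive, so Policy1 and policy1 share a group.
            groups.setdefault(name.lower(), {})[int(seq)] = manual
    return groups, errors

def priority_order(groups, name):
    """Sequence numbers of one policy group, highest priority (smallest) first."""
    return sorted(groups.get(name.lower(), {}))

def undo_policy(groups, name, seq=None):
    """Model 'undo ipsec policy': omitting seq deletes the whole group."""
    key = name.lower()
    if seq is None:
        groups.pop(key, None)
    elif key in groups:
        groups[key].pop(seq, None)
        if not groups[key]:
            del groups[key]

if __name__ == "__main__":
    groups, errors = parse_policies(SAMPLE)
    print(priority_order(groups, "POLICY1"), errors)
```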
Examples
# Create an IPsec policy with the name policy1 and specify the manual mode for it.