4. (Optional.) Specify an ACL for the IPsec policy template.
   Command: security acl [ ipv6 ] { acl-number | name acl-name } [ aggregation | per-host ]
   Remarks: By default, no ACL is specified for an IPsec policy template. You can specify only one ACL for an IPsec policy template.

5. Specify IPsec transform sets for the IPsec policy template.
   Command: transform-set transform-set-name&<1-6>
   Remarks: By default, no IPsec transform sets are specified for an IPsec policy template.

6. Specify an IKE profile for the IPsec policy template.
   Command: ike-profile profile-name
   Remarks: By default, no IKE profile is specified for an IPsec policy template. You can specify only one IKE profile for an IPsec policy template. The IKE profile cannot be used by another IPsec policy template or IPsec policy. For more information about IKE profiles, see "Configuring IKE."

7. Specify an IKEv2 profile for the IPsec policy template.
   Command: ikev2-profile profile-name
   Remarks: The ikev2-profile command is available in Release 1121 and later. By default, no IKEv2 profile is specified for an IPsec policy template. You can specify only one IKEv2 profile for an IPsec policy template. For more information about IKEv2 profiles, see "Configuring IKEv2."

8. (Optional.) Specify the local IP address of the IPsec tunnel.
   Command: local-address { ipv4-address | ipv6 ipv6-address }
   Remarks: By default, the local IPv4 address of the IPsec tunnel is the primary IPv4 address of the interface to which the IPsec policy is applied, and the local IPv6 address of the IPsec tunnel is the first IPv6 address of the interface to which the IPsec policy is applied. The local IP address specified by this command must be the same as the IP address used as the local IKE identity.

9. (Optional.) Specify the remote IP address of the IPsec tunnel.
   Command: remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }
   Remarks: By default, the remote IP address of the IPsec tunnel is not specified.

10. Configure the IPsec SA lifetime.
   Command: sa duration { time-based seconds | traffic-based kilobytes }
   Remarks: By default, the global SA lifetime settings are used.

11. (Optional.) Set the IPsec SA idle timeout.
   Command: sa idle-time seconds
   Remarks: By default, the global SA idle timeout is used.

12. (Optional.) Enable the Traffic Flow Confidentiality (TFC) padding feature.
   Command: tfc enable
   Remarks: The tfc enable command is available in Release 1121 and later. By default, the TFC padding feature is disabled.
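
The limits stated in steps 4 to 6 (one ACL per template, one to six transform sets per command, an IKE profile not shared with another template or policy) can be checked on a change script before it is pasted into a device. The following is an added example, not part of the original guide or vendor tooling; the sample script, all names in it, and the "ipsec policy-template <name> <seq>" view header are assumptions.

```python
import re
from collections import defaultdict

# Constructed change script (names, ACL numbers and profiles are made up).
SAMPLE = """\
ipsec policy-template branch 1
 security acl 3101
 transform-set ts1 ts2
 ike-profile prof-a
ipsec policy-template partner 1
 security acl 3102
 security acl name partner-acl
 transform-set t1 t2 t3 t4 t5 t6 t7
 ike-profile prof-a
ipsec policy-template lab 1
 ikev2-profile prof-b
"""

# Assumed view header: ipsec [ipv6-]policy-template|policy <name> <seq>
HEADER = re.compile(r"^ipsec (?:ipv6-)?(policy-template|policy) (\S+) (\d+)")

def parse(text):
    # Map "kind name seq" to the indented command lines entered in that view.
    blocks, current = {}, None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = " ".join(m.groups())
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def lint(text):
    findings, ike_users = [], defaultdict(list)
    for label, cmds in parse(text).items():
        acls = [c for c in cmds if c.startswith("security acl ")]
        sets = [c.split()[1:] for c in cmds if c.startswith("transform-set ")]
        rules = [(len(acls) > 1, "more than one ACL specified"),
                 (label.startswith("policy-template") and not sets, "no transform set specified"),
                 (any(len(s) > 6 for s in sets), "more than 6 transform sets in one command")]
        findings += [f"{label}: {msg}" for hit, msg in rules if hit]
        # Record every view that references an IKE profile (step 6: no sharing).
        for c in cmds:
            if c.startswith("ike-profile "):
                ike_users[c.split()[1]].append(label)
    findings += [f"IKE profile {p} shared by: {', '.join(u)}" for p, u in ike_users.items() if len(u) > 1]
    return findings
```

Calling lint(SAMPLE) returns one finding per violated limit; a script that stays within the limits returns an empty list.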