EasyManua.ls Logo

HPE FlexNetwork MSR Series

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
172
Step Command Remarks
3. Enable IPsec RRI.
reverse-route
[
remote-peer
ip-address [
gateway
|
static
] |
static
]
Disabled by default.
To enable static IPsec RRI,
specify the
static
keyword. If the
keyword is not specified,
dynamic IPsec RRI is enabled.
4. Change the preference of
the static routes created
by IPsec RRI.
reverse-route
preference
preference-value
Optional.
60 by default.
5. Set a tag for the static
routes created by IPsec
RRI.
reverse-route
tag
tag-value
Optional.
0 by default.
IPsec RRI can operate in both tunnel mode and transport mode.
When you change the route attributes, static IPsec RRI deletes all static routes it has created and
creates new static routes. In contrast, dynamic IPsec RRI applies the new attributes only to
subsequent static routes. It does not delete or modify static routes it has created.
Enabling transparent data transmission without NAT
By default, if an interface is configured with both NAT and IPsec, the outgoing packets on the
interface are processed by NAT and then IPsec.
In some special scenarios, NAT is not required before IPsec processing. You can use this feature to
enable transparent data transmission without NAT for the interface.
To enable transparent data transmission without NAT:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable transparent data
transmission without NAT.
ipsec no-nat-process enable
Optional.
Disabled by default.
Enabling fragmentation before/after encryption
If the size of a packet exceeds the interface MTU after the packet is encapsulated:
If fragmentation before encryption is enabled, the packet is fragmented first and then
encapsulated.
If fragmentation after encryption is enabled, the packet is encapsulated first and then
fragmented.
If a GDOI IPsec policy entry is applied to an interface of the device, you must enable fragmentation
before encryption. Otherwise, packets fragmented after encapsulation at the local end cannot be
reassembled at the remote end, resulting in a decryption failure. For more information about GDOI
IPsec policies, see "Configuring group encrypted transport VPN."
To enable fragmentation before/after encryption:
Step Command Remarks
1. Enter system view.
system-view
N/A

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Related product manuals