173
Step Command Remarks
2. Enable fragmentation
before/after encryption.
• To enable fragmentation
before encryption:
ipsec fragmentation
before-encryption enable
• To enable fragmentation
after encryption:
undo ipsec fragmentation
before-encryption enable
Use either command as needed.
By default, fragmentation after
encryption is enabled.
The IPsec transport mode does
not support fragmentation before
encryption.
Implementing tunnel interface-based IPsec
The following is the generic configuration procedure for implementing tunnel interface-based IPsec:
1. Configure an IPsec transform set to specify the security protocols, authentication and
encryption algorithms, and encapsulation mode.
2. Configure an IPsec profile to associate data flows with the IPsec transform set, and to specify
the IKE peer parameters and the SA lifetime.
3. Configure an IPsec tunnel interface and apply the IPsec profile to the interface. To enhance the
encryption and decryption speed of the IPsec tunnel, bind the IPsec profile to one or more
encryption cards.
NOTE:
Because packets routed to the IPsec tunnel interface are all protected, the data protection scope,
which is required for IPsec policy configuration, is not needed in the IPsec profile.
Complete the following tasks to configure tunnel interface-based IPsec:
Task Remarks
Configuring an IPsec transform set
Required.
An IPsec transform set for the
IPsec tunnel interface to
reference supports tunnel mode
only.
Configuring an IPsec profile
Required.
Configuring an IPsec tunnel interface
Required.
Enabling packet information pre-extraction on the IPsec tunnel interface
Optional.
Applying a QoS policy to an IPsec tunnel interface
Optional.
Binding an IPsec policy, IPsec policy group, or IPsec profile to an
encryption card
Optional.
Enabling the encryption engine
Optional.
Enabling the IPsec module backup function
Optional.
Configuring the IPsec session idle timeout
Optional.
Enabling ACL checking of de-encapsulated IPsec packets
Optional.
Configuring the IPsec anti-replay function
Optional.
To Next Page
Loading...
Need help?
General
