R3303-HP HSR6800 Routers Security Command Reference

285

Field Description

perfect forward secrecy

Perfect forward secrecy, indicating which DH group is to be used for fast

negotiation mode in IKE phase 2.

SA's SPI SPIs of the inbound and outbound SAs.

tunnel Local and remote addresses of the tunnel.

flow

Data flow protected by the IPsec tunnel, including source IP address,

destination IP address, source port, destination port and protocol.

as defined in acl 3001 The IPsec tunnel protects all data flows defined by ACL 3001.

encapsulation-mode

Use encapsulation-mode to set the encapsulation mode that the security protocol uses to encapsulate IP

packets.

Use undo encapsulation-mode to restore the default.

Syntax

encapsulation-mode { transport | tunnel }

undo encapsulation-mode

Default

A security protocol encapsulates IP packets in tunnel mode.

Views

IPsec transform set view

Default command level

2: System level

Parameters

transport: Uses transport mode.

tunnel: Uses tunnel mode.

Usage guidelines

IPsec for IPv6 routing protocols supports only the transport mode.

When IPsec uses IKE to set up the IPsec tunnel, this command can be used only in IPsec transform set view.

Examples

# When IPsec uses IKE, configure IPsec transform set tran1 to use the transport encapsulation mode.

<Sysname> system-view

[Sysname] ipsec transform-set tran1

[Sysname-ipsec-transform-set-tran1] encapsulation-mode transport

Related commands

ipsec transform-set