R3303-HP HSR6800 Routers Security Command Reference

In a group encrypted transport VPN, you must configure IPsec GDOI policies on the group members. For
more information about group encrypted transport VPN, see Security Configuration Guide.
Examples
# Create an IPsec policy with the name policy1 and sequence number 100, and specify that SAs are set up
through IKE negotiation.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]
# Create an IPsec policy with the name policy1 and sequence number 101, and specify the manual mode for it.
<Sysname> system-view
[Sysname] ipsec policy policy1 101 manual
[Sysname-ipsec-policy-manual-policy1-101]
Related commands
ipsec policy (interface view)
display ipsec policy

ipsec policy isakmp template
Use ipsec policy isakmp template to create an IPsec policy by referencing an existing IPsec policy
template, so that IKE can use the IPsec policy for SA negotiation.
Use undo ipsec policy with the seq-number argument to delete an IPsec policy.
Use undo ipsec policy without the seq-number argument to delete an IPsec policy group.
Syntax
ipsec policy policy-name seq-number isakmp template template-name
undo ipsec policy policy-name [ seq-number ]
Views
System view
Default command level
2: System level
Parameters
policy-name: Specifies the name for the IPsec policy, a case-insensitive string of 1 to 15 characters. No
minus sign (-) can be included.
seq-number: Specifies the sequence number for the IPsec policy, in the range of 1 to 65535.
isakmp template template-name: Specifies the name of the IPsec policy template to be referenced.
Usage guidelines
In an IPsec policy group, an IPsec policy with a smaller sequence number has a higher priority.
After you create an IPsec policy by referencing an IPsec policy template, to modify the configuration for
the IPsec policy, you must enter the IPsec policy template view instead of the IPsec policy view.
You cannot change the negotiation mode of an existing IPsec policy. To use a different negotiation mode,
you must delete the IPsec policy and then re-create it.
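The following is an added example, not part of the HP reference: a Python check that replays ipsec policy lines from a saved configuration against the syntax, parameter limits and usage guidelines above, and lists each policy group in priority order. The sample commands, the template name temp1 and the function names are constructed for illustration, and treating a repeated command for an existing policy as a no-op is an assumption.

```python
import re

# Grammar from the Syntax sections above; "undo" takes no mode keyword.
CMD = re.compile(r"^(?P<undo>undo\s+)?ipsec\s+policy\s+(?P<name>\S+)"
                 r"(?:\s+(?P<seq>\d+))?"
                 r"(?:\s+(?P<mode>manual|isakmp)(?:\s+template\s+(?P<tmpl>\S+))?)?$")

def replay(lines):
    """Replay commands in order. Returns (policies, errors): policies is
    {policy-name: {seq-number: (mode, template)}}, errors is [(line, reason)]."""
    policies, errors = {}, []
    for n, raw in enumerate(lines, 1):
        m = CMD.match(raw.strip())
        if not m:
            errors.append((n, "unrecognized syntax")); continue
        name = m["name"].lower()                       # names are case-insensitive
        seq = int(m["seq"]) if m["seq"] else None
        if not 1 <= len(name) <= 15 or "-" in name:
            errors.append((n, "invalid policy-name")); continue
        if seq is not None and not 1 <= seq <= 65535:
            errors.append((n, "seq-number out of range")); continue
        if m["undo"]:
            if m["mode"]:
                errors.append((n, "undo takes no mode keyword"))
            elif seq is None:
                policies.pop(name, None)               # delete the whole policy group
            else:
                policies.get(name, {}).pop(seq, None)  # delete one policy
            continue
        if seq is None or not m["mode"]:
            errors.append((n, "seq-number and mode are required")); continue
        old = policies.setdefault(name, {}).get(seq)
        if old and old[0] != m["mode"]:
            errors.append((n, "mode change needs undo, then re-create")); continue
        # Assumption: repeating a command for an existing policy changes nothing.
        policies[name].setdefault(seq, (m["mode"], m["tmpl"]))
    return policies, errors

def priority_order(policies, name):
    """Sequence numbers of one policy group, highest priority (smallest) first."""
    return sorted(policies.get(name.lower(), {}))

# Constructed sample input, not taken from a real device.
SAMPLE = ["ipsec policy policy1 100 isakmp", "ipsec policy policy1 101 manual",
          "ipsec policy Policy1 50 isakmp template temp1",
          "ipsec policy policy1 100 manual",    # mode change on existing policy
          "ipsec policy bad-name 10 isakmp",    # minus sign in policy-name
          "ipsec policy policy1 70000 manual",  # seq-number above 65535
          "undo ipsec policy policy1 101"]
```

Calling replay(SAMPLE) reports lines 4, 5 and 6 as errors, and priority_order then lists policy1 as 50 followed by 100.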