R3303-HP HSR6800 Routers Security Command Reference
315
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Default command level
2: System level
Parameters
transform-set-name&<1-6>: Specifies the name of the IPsec transform set, a string of 1 to 32 characters.
&<1-6> means that you can specify up to six transform sets, which are separated by space.
Usage guidelines
The specified IPsec transform sets must already exist.
A manual IPsec policy can reference only one IPsec transform set. To replace a referenced IPsec transform
set, use the undo transform-set command to remove the original transform set binding and then use the
transform-set command to reconfigure one.
An IKE negotiated IPsec policy can reference up to six IPsec transform sets. The IKE negotiation process
will search for and use the exactly matched transform set.
An IPsec profile can reference up to six IPsec transform sets. The IKE negotiation process will search for
and use the exactly matched transform set.
Related commands
• ipsec transform-set
• ipsec policy (system view)
• ipsec profile (system view)
Examples
# Configure IPsec policy policy1 to reference IPsec transform set tran1.
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set tran1
# Configure IPsec profile profile1 to reference IPsec transform set tran2.
<Sysname> system-view
[Sysname] ipsec transform-set tran2
[Sysname-ipsec-transform-set-prop2] quit
[Sysname] ipsec profile profile1
[Sysname-ipsec-profile-profile1] transform-set tran2
tunnel local
Use tunnel local to configure the local address of an IPsec tunnel.
Use undo tunnel local to remove the configuration.
Syntax
tunnel local [ ipv6 ] ip-address
undo tunnel local