HP VPN Firewall Appliances VPN Command Reference
103
Default command level
2: System level
Parameters
inbound-number: Specifies the interval at which the device, when functioning as the active device,
synchronizes the inbound anti-replay window to the standby device. It is expressed in the number of
received packets. The value range is 0 to 1000. If you set the argument to 0, inbound anti-replay window
synchronization is disabled.
outbound-number: Specifies the interval at which the device, when functioning as the active device,
synchronizes the outbound anti-replay sequence number to the standby device. It is expressed in the
number of sent packets. The value range is 1000 to 100000.
Usage guidelines
In an IPsec stateful failover scenario, the active device regularly synchronizes anti-replay information to
the standby device. When the active device fails, the standby device continues to provide the anti-replay
service based on the synchronized anti-replay information.
A short interval improves the anti-replay information consistency between the active device and the
standby device, but also increases the anti-replay information synchronization frequency and the impact
on the performance of the devices.
Related commands
• display ipsec policy
• display ipsec policy-template
• display ipsec profile
Examples
# Set the inbound anti-replay window synchronization interval to 800 and the outbound anti-replay
sequence number synchronization interval to 50000.
<Sysname> system-view
[Sysname] ipsec policy test 10 isakmp
[Sysname-ipsec-policy-isakmp-test-10] synchronization anti-replay-interval inbound 800
outbound 50000
transform
Use transform to specify a security protocol for an IPsec transform set.
Use undo transform to restore the default.
Syntax
transform { ah | ah-esp | esp }
undo transform
Default
The ESP protocol is used.
Views
IPsec transform set view