HP VPN Firewall Appliances VPN Command Reference
104
Default command level
2: System level
Parameters
ah: Uses the AH protocol.
ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Usage guidelines
The IPsec transform sets at the two ends of an IPsec tunnel must use the same security protocol.
Examples
# Configure IPsec transform set prop1 to use AH.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform ah
Related commands
ipsec transform-set
transform-set
Use transform-set to specify an IPsec transform set for the IPsec policy or IPsec profile to reference.
Use undo transform-set to remove an IPsec transform set referenced by the IPsec policy or IPsec profile.
Syntax
transform-set transform-set-name&<1-6>
undo transform-set [ transform-set-name ]
Default
An IPsec policy or IPsec profile references no IPsec transform set.
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Default command level
2: System level
Parameters
transform-set-name&<1-6>: Specifies the name of the IPsec transform set, a string of 1 to 32 characters.
&<1-6> means that you can specify up to six transform sets, which are separated by space.
Usage guidelines
The specified IPsec transform sets must already exist.
A manual IPsec policy can reference only one IPsec transform set. To replace a referenced IPsec transform
set, use the undo transform-set command to remove the original transform set binding and then use the
transform-set command to reconfigure one.
An IKE negotiated IPsec policy can reference up to six IPsec transform sets. The IKE negotiation process
will search for and use the exactly matched transform set.