HP VPN Firewall Appliances VPN Command Reference

[Sysname] ipsec anti-replay window 64
ipsec decrypt check
Use ipsec decrypt check to enable ACL checking of de-encapsulated IPsec packets.
Use undo ipsec decrypt check to disable ACL checking of de-encapsulated IPsec packets.
Syntax
ipsec decrypt check
undo ipsec decrypt check
Default
ACL checking of de-encapsulated IPsec packets is enabled.
Views
System view
Default command level
2: System level
Examples
# Enable ACL checking of de-encapsulated IPsec packets.
<Sysname> system-view
[Sysname] ipsec decrypt check
ipsec invalid-spi-recovery enable
Use ipsec invalid-spi-recovery enable to enable invalid security parameter index (SPI) recovery.
Use undo ipsec invalid-spi-recovery enable to restore the default.
Syntax
ipsec invalid-spi-recovery enable
undo ipsec invalid-spi-recovery enable
Default
Invalid SPI recovery is disabled. The receiver discards IPsec packets with invalid SPIs.
Views
System view
Default command level
2: System level
Usage guidelines
Invalid SPI recovery enables an IPsec security gateway to send an INVALID SPI NOTIFY message to its
peer when it receives an IPsec packet but cannot find any SA with the specified SPI. When the peer
receives the message, it deletes the SAs on its side. Then, subsequent traffic triggers the two peers to
establish new SAs.
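The following Python model is an added illustration of the behaviour described above, not HP or Comware code. It contrasts the default (discard) with invalid SPI recovery enabled. The Gateway class, its method names, the SPI values and the "receiver has lost its SAs" trigger are assumptions made for the example, and the notify message is modelled as a direct method call.

```python
import itertools

_spi = itertools.count(0x1000)  # constructed SPI values


class Gateway:
    def __init__(self, name, invalid_spi_recovery=False):
        self.name = name
        self.invalid_spi_recovery = invalid_spi_recovery  # default: disabled
        self.inbound = {}   # SPI -> peer name (SAs used to receive)
        self.outbound = {}  # peer name -> SPI (SAs used to send)

    def negotiate(self, peer):
        # Stand-in for SA negotiation: one new SA in each direction.
        for src, dst in ((self, peer), (peer, self)):
            spi = next(_spi)
            dst.inbound[spi] = src.name
            src.outbound[dst.name] = spi

    def send(self, peer):
        # Traffic without an outbound SA triggers establishment of new SAs.
        if peer.name not in self.outbound:
            self.negotiate(peer)
        return peer.receive(self, self.outbound[peer.name])

    def receive(self, sender, spi):
        if spi in self.inbound:
            return "delivered"
        if self.invalid_spi_recovery:
            sender.on_invalid_spi(self)  # models the INVALID SPI NOTIFY message
            return "dropped, notify sent"
        return "dropped"  # default behaviour: discard

    def on_invalid_spi(self, peer):
        # The notified peer deletes the SAs it shares with the notifier.
        self.outbound.pop(peer.name, None)
        self.inbound = {s: p for s, p in self.inbound.items() if p != peer.name}

    def lose_sas(self):
        # Assumed trigger for the mismatch: this side no longer has its SAs.
        self.inbound.clear()
        self.outbound.clear()


def simulate(recovery_enabled, packets=3):
    a, b = Gateway("A"), Gateway("B", invalid_spi_recovery=recovery_enabled)
    results = [a.send(b)]
    b.lose_sas()
    return results + [a.send(b) for _ in range(packets)]
```

With recovery disabled, every packet after the SA loss is dropped because the sender keeps using the stale SPI. With recovery enabled, one packet is dropped, the sender deletes its SAs, and the next packet triggers new SAs.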