Command Reference Guide

3Com Router 3000 Ethernet Family

Chapter 5 IPSec Configuration Commands

3Com Corporation

5-22

[3Com-ipsec-policy-isakmp-shanghai-200] pfs group1

5.1.17 proposal

Syntax

proposal proposal-name1 [ proposal-name2...proposal-name6 ]

undo proposal [ proposal-name ]

View

IPSec policy view, IPSec policy template view

Parameter

proposal-name1,…, proposal-name6: Name of the proposals adopted.

Description

Use the proposal command to set the proposal used by the IPSec policy.

Use the undo proposal command to cancel the proposal used by the IPSec policy.

By default, no proposal is used.

Before using this command, the corresponding IPSec proposal must has been

configured.

If set up in manual mode, an SA can only use one proposal. And if a proposal is already

set, it needs to be deleted by using the undo proposal command before a new one

can be set.

If set up in isakmp mode, an SA can use six proposals at most. IKE negotiation will

search for the completely matching proposal at both ends of the security tunnel.

If it is the IPSec template, each template can use six proposals at most, and the IKE

negotiation will search for the completely matching proposal.

Related command: ipsec proposal, ipsec policy(system view), ipsec

policy(interface view), security acl, tunnel local and tunnel remote.

Example

# Set a proposal with name prop1, adopting ESP and the default algorithm, and set an

IPSec policy as using a proposal name prop1.

[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform esp

[3Com-ipsec-proposal-prop1] quit

[3Com] ipsec policy policy1 100 manual

[3Com-ipsec-policy-manual-policy1-100] proposal prop1