Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series

1161

3Com Router 3000 Ethernet Family

Chapter 5 IPSec Configuration Commands

3Com Corporation

5-34

Transfer

mode

Security

protocol

transport tun nel

esp

ah-esp

IP A H

data

IP AH

data

IP ESP

dat a

ESP-T

IP ES P

data

ESP-TIP

IP ESP

dat a

ESP-TAH IP ESP

dat a

ESP-TAH IP

Figure 5-1 Data encapsulation formats of security protocols

“data” in the figure is the original IP datagram.

Related command: ah authentication-algorithm, ipsec proposal, esp

encryption-algorithm, esp authentication-algorithm, encapsulation-mode and

proposal.

Example

# Set a proposal using AH.

[3Com] ipsec proposal prop1

[3Com-ipsec-proposal-prop1] transform ah

5.1.27 tunnel local

Syntax

tunnel local ip-address

undo tunnel local

View

Manually-established IPSec policy view

Parameter

ip-address: Local address in dotted decimal format.

Description

Use the tunnel local command to set the local address of an ipsec policy.

Use the undo tunnel local command to delete the local address set in the ipsec policy.

By default, the local address of an ipsec policy is not configured.

It is not necessary to set a local address for an ipsec policy in isakmp mode, so this

command is invalid in this situation. IKE can automatically obtain the local address from

the interface where this ipsec policy is applied.