F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

111

112

113

114

115

116

117

118

119

120

109

A short interval improves the anti-replay information consistency between the active device and the

standby device, but also increases the anti-replay information synchronization frequency and the impact

on the performance of the devices.

The following matrix shows the synchronization anti-replay-interval command and firewalls and UTM

devices compatibility:

Hardware Command com

atible

F1000-A-EI/F1000-S-EI Yes

F1000-E Yes

F5000 Yes

Firewall module Yes

U200-A Yes

U200-S No

Related commands

• display ipsec policy

• display ipsec policy-template

• display ipsec profile

Examples

# Set the inbound anti-replay window synchronization interval to 800 and the outbound anti-replay

sequence number synchronization interval to 50000.

<Sysname> system-view

[Sysname] ipsec policy test 10 isakmp

[Sysname-ipsec-policy-isakmp-test-10] synchronization anti-replay-interval inbound 800

outbound 50000

transform

Use transform to specify a security protocol for an IPsec transform set.

Use undo transform to restore the default.

Syntax

transform { ah | ah-esp | esp }

undo transform

Default

The ESP protocol is used.

Views

IPsec transform set view

Default command level

2: System level

Parameters

ah: Uses the AH protocol.