F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
Usage guidelines
Typically, you enable IPsec stateful failover on two redundant gateways in active/standby mode to ensure
instant IPsec tunnel failover for nonstop services.
Disabling IPsec stateful failover deletes all active or standby IPsec SAs and IKE SAs.
The following matrix shows the compatibility of the ipsec synchronization enable command with firewalls
and UTM devices:
Hardware                  Command compatible
F1000-A-EI/F1000-S-EI     Yes
F1000-E                   Yes
F5000                     Yes
Firewall module           Yes
U200-A                    Yes
U200-S                    No
Examples
# Enable IPsec stateful failover.
<Sysname> system-view
[Sysname] ipsec synchronization enable
ipsec transform-set
Use ipsec transform-set to create an IPsec transform set and enter IPsec transform set view.
Use undo ipsec transform-set to delete an IPsec transform set.
Syntax
ipsec transform-set transform-set-name
undo ipsec transform-set transform-set-name
Default
No IPsec transform set exists.
Views
System view
Default command level
2: System level
Parameters
transform-set-name: Name of an IPsec transform set, a case-insensitive string of 1 to 32 characters.
Examples
# Create an IPsec transform set named tran1 and enter its view.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1]