R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101

Parameters
None
Description
Use the ipsec decrypt check command to enable ACL checking of de-encapsulated IPsec packets.
Use the undo ipsec decrypt check command to disable ACL checking of de-encapsulated IPsec packets.
By default, ACL checking of de-encapsulated IPsec packets is enabled.
Examples
# Enable ACL checking of de-encapsulated IPsec packets.
<Sysname> system-view
[Sysname] ipsec decrypt check
ipsec policy (interface view)
Syntax
ipsec policy policy-name
undo ipsec policy [ policy-name ]
View
Interface view
Default level
2: System level
Parameters
policy-name: Name of the existing IPsec policy group to be applied to the interface, a string of 1 to 15
characters.
Description
Use the ipsec policy command to apply an IPsec policy group to an interface.
Use the undo ipsec policy command to remove the application.
Only one IPsec policy group can be applied to an interface. To apply another IPsec policy group to the
interface, remove the original application first. An IPsec policy group can be applied to more than one
interface.
With an IPsec policy group applied to an interface, the system uses each IPsec policy in the group to
protect certain data flows.
For each packet to be sent out an IPsec-protected interface, the system checks the IPsec policies of the
IPsec policy group in ascending order of sequence numbers. If it finds an IPsec policy whose ACL
matches the packet, it uses that IPsec policy to protect the packet. If the ACL of no IPsec policy in the
group matches the packet, the system does not provide IPsec protection for the packet and sends it out directly.
Related commands: ipsec policy (system view).
Examples
# Apply IPsec policy group pg1 to interface GigabitEthernet 0/1.
<Sysname> system-view
[Sysname] interface GigabitEthernet 0/1
[Sysname-GigabitEthernet 0/1] ipsec policy pg1
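
An added example, not HP's code or part of the original reference: a Python model of the outbound lookup described above (ascending sequence order, first ACL match wins, no match means the packet leaves unprotected), for auditing which flows a policy group would leave in cleartext. The `Policy` class, the permit-only ACL simplification, the policy labels and all addresses are assumptions constructed for illustration.

```python
"""Model of outbound IPsec policy-group lookup (illustrative, not device code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    seq: int     # sequence number of the policy within the group
    name: str    # hypothetical label used only for reporting
    acl: tuple   # simplified ACL: ((src_net, dst_net), ...) permit rules only


def select_policy(group, src, dst):
    """Return the lowest-sequence policy whose ACL matches, or None (cleartext)."""
    s, d = ip_address(src), ip_address(dst)
    for pol in sorted(group, key=lambda p: p.seq):   # ascending sequence order
        for src_net, dst_net in pol.acl:
            if s in ip_network(src_net) and d in ip_network(dst_net):
                return pol                           # first match wins
    return None                                      # no ACL matched


def audit(group, flows):
    """Map each (src, dst) flow to the protecting policy name or 'CLEARTEXT'."""
    result = {}
    for src, dst in flows:
        pol = select_policy(group, src, dst)
        result[(src, dst)] = pol.name if pol else "CLEARTEXT"
    return result


# Constructed sample: policy group "pg1" with two policies, listed out of order
# on purpose to show that the sequence number, not list position, decides.
PG1 = [
    Policy(20, "pg1-20", (("10.1.0.0/16", "10.2.0.0/16"),)),
    Policy(10, "pg1-10", (("10.1.1.0/24", "10.2.1.0/24"),)),
]
# Constructed flows to audit.
FLOWS = [
    ("10.1.1.5", "10.2.1.9"),    # matches both ACLs; sequence 10 is used
    ("10.1.7.5", "10.2.3.9"),    # matches only sequence 20
    ("10.1.1.5", "192.0.2.10"),  # matches no ACL; sent out unprotected
]

if __name__ == "__main__":
    for flow, verdict in audit(PG1, FLOWS).items():
        print(flow, "->", verdict)
```

Any flow reported as `CLEARTEXT` is one the interface would forward without IPsec protection, so it should be either intentionally public traffic or covered by an additional policy ACL.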