R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
When the two peers support both data flow protection modes, they must be configured to work in the
same mode.
Related commands: ipsec policy (system view).
Examples
# Configure IPsec policy policy1 to reference ACL 3001.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Sysname-acl-adv-3001] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] security acl 3001
# Configure IPsec policy policy2 to reference ACL 3002, setting the data flow protection mode to
aggregation.
<Sysname> system-view
[Sysname] acl number 3002
[Sysname-acl-adv-3002] rule 0 permit ip source 10.1.2.1 0.0.0.255 destination 10.1.2.2 0.0.0.255
[Sysname-acl-adv-3002] rule 1 permit ip source 10.1.3.1 0.0.0.255 destination 10.1.3.2 0.0.0.255
[Sysname-acl-adv-3002] quit
[Sysname] ipsec policy policy2 1 isakmp
[Sysname-ipsec-policy-isakmp-policy2-1] security acl 3002 aggregation
synchronization anti-replay-interval (IPsec policy view/IPsec policy template view/IPsec profile view)
Syntax
synchronization anti-replay-interval inbound inbound-number outbound outbound-number
undo synchronization anti-replay-interval
View
IPsec policy view, IPsec policy template view, IPsec profile view
Default level
2: System level
Parameters
inbound-number: Interval at which the device, when functioning as the active device, synchronizes
information about the anti-replay window in the inbound direction to the standby device. It is expressed
in the number of received packets and is in the range of 0 to 1000. A value of 0 means not to
synchronize the information.
outbound-number: Interval at which the device, when functioning as the active device, synchronizes the
anti-replay sequence number in the outbound direction to the standby device. It is expressed in the
number of sent packets and is in the range of 1000 to 100000.
Description
Use synchronization anti-replay-interval to set the inbound anti-replay window information
synchronization interval and the outbound anti-replay sequence number synchronization interval.
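The following Python model is an added illustration, not part of the HP manual or the device's implementation. It shows how the two intervals bound the stale state a standby holds at takeover. It assumes a 64-packet RFC 4303 style window and that the standby resumes from exactly the last synchronized state; the manual does not describe takeover behavior, and all class and function names are hypothetical.

```python
class ReplayWindow:
    """Receiver-side sliding anti-replay window (RFC 4303 style)."""
    def __init__(self, size=64, top=0, seen=()):
        self.size, self.top, self.seen = size, top, set(seen)

    def accept(self, seq):
        if seq <= self.top - self.size or seq in self.seen:
            return False                       # too old, or a replay
        self.seen.add(seq)
        self.top = max(self.top, seq)
        self.seen = {s for s in self.seen if s > self.top - self.size}
        return True

    def snapshot(self):
        return ReplayWindow(self.size, self.top, self.seen)


def inbound_failover(inbound_number, received):
    """Count already-accepted packets the standby accepts again after takeover."""
    if not 0 <= inbound_number <= 1000:
        raise ValueError("inbound-number must be in the range 0 to 1000")
    active, standby = ReplayWindow(), ReplayWindow()
    for seq in range(1, received + 1):
        active.accept(seq)
        if inbound_number and seq % inbound_number == 0:
            standby = active.snapshot()        # periodic synchronization
    # Constructed test traffic: every packet the active device already accepted.
    return sum(standby.accept(seq) for seq in range(1, received + 1))


def outbound_failover(outbound_number, sent, peer_window=64):
    """Count packets the peer drops until the standby's numbers catch up."""
    if not 1000 <= outbound_number <= 100000:
        raise ValueError("outbound-number must be in the range 1000 to 100000")
    peer = ReplayWindow(peer_window)
    for seq in range(1, sent + 1):
        peer.accept(seq)                       # traffic sent by the active device
    seq = (sent // outbound_number) * outbound_number  # last synchronized value
    dropped = 0
    while True:
        seq += 1
        if peer.accept(seq):
            return dropped
        dropped += 1
```

In this model, `inbound_failover(100, 250)` returns 50 and `inbound_failover(0, 250)` returns 250: a smaller inbound interval narrows the set of previously seen packets the standby would accept again, while a smaller outbound interval reduces how many packets the peer discards after takeover.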