R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
Use undo synchronization anti-replay-interval to restore the defaults.
By default, the inbound anti-replay window information synchronization interval is 1000, and the
outbound anti-replay sequence number synchronization interval is 100000.
In an IPsec stateful failover scenario, the active device synchronizes anti-replay information to the standby
device at the specified intervals. When the active device fails, the standby device continues to provide
the anti-replay service based on the synchronized anti-replay information.
A shorter interval improves the anti-replay information consistency between the active device and the
standby device, but also increases the anti-replay information synchronization frequency and the impact
on the performance of the devices.
Related commands: display ipsec policy, display ipsec policy-template, and display ipsec profile.
Examples
# Set the inbound anti-replay window information synchronization interval to 800 and the outbound
anti-replay sequence number synchronization interval to 50000.
<Sysname> system-view
[Sysname] ipsec policy test 10 isakmp
[Sysname-ipsec-policy-isakmp-test-10] synchronization anti-replay-interval inbound 800 outbound 50000
transform
Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPsec proposal view
Default level
2: System level
Parameters
ah: Uses the AH protocol.
ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Description
Use transform to specify a security protocol for an IPsec proposal.
Use undo transform to restore the default.
By default, the ESP protocol is used.
If ESP is used, the default encryption and authentication algorithms are DES and MD5 respectively.
If AH is used, the default authentication algorithm is MD5.
If both AH and ESP are used, AH uses the MD5 authentication algorithm by default, and ESP uses the
DES encryption algorithm but no authentication algorithm by default.
The IPsec proposals at the two ends of an IPsec tunnel must use the same security protocol.
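The following Python audit is an added example, not part of the original command reference. It applies the default rules above to a saved configuration and reports every proposal that ends up on DES or MD5, including proposals that never name an algorithm. Assumptions: proposals appear as an unindented "ipsec proposal <name>" line followed by indented commands, the algorithm commands are esp encryption-algorithm, esp authentication-algorithm and ah authentication-algorithm, the sample configuration is constructed, and the function names are hypothetical.

```python
import re

USES = {"esp": ["esp"], "ah": ["ah"], "ah-esp": ["esp", "ah"]}  # protocols per transform
WEAK = {"des", "md5"}                                           # the defaults named above

# Constructed sample in the assumed saved-configuration layout (not from the page).
SAMPLE = """\
ipsec proposal branch
#
ipsec proposal legacy
 transform ah-esp
 ah authentication-algorithm sha1
#
ipsec proposal hq
 esp encryption-algorithm 3des
 esp authentication-algorithm sha1
#
"""

def parse_proposals(config):
    """Map each proposal name to the commands entered in its view."""
    proposals, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"ipsec proposal (\S+)\s*$", raw)
        if m:
            current = proposals.setdefault(m.group(1), [])
        elif not raw.startswith(" "):
            current = None              # any unindented line leaves the view
        elif current is not None and raw.strip():
            current.append(raw.split())
    return proposals

def effective(cmds):
    """Resolve the algorithms in force, filling in the documented defaults."""
    transform = next((c[1] for c in cmds if c[0] == "transform" and len(c) == 2), "esp")
    explicit = {(c[0], c[1]): c[2] for c in cmds if len(c) >= 3 and c[1].endswith("-algorithm")}
    # ESP authentication defaults to MD5 only when ESP is used without AH.
    defaults = {("esp", "encryption-algorithm"): "des",
                ("esp", "authentication-algorithm"): "md5" if transform == "esp" else "none",
                ("ah", "authentication-algorithm"): "md5"}
    return {k: (explicit.get(k, d), "explicit" if k in explicit else "default")
            for k, d in defaults.items() if k[0] in USES[transform]}

def audit(config):
    """List (proposal, protocol, setting, algorithm, origin) for DES or MD5."""
    return [(name, proto, setting, alg, origin)
            for name, cmds in parse_proposals(config).items()
            for (proto, setting), (alg, origin) in effective(cmds).items()
            if alg in WEAK]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, the empty proposal "branch" is reported for both DES and MD5, and "legacy" is reported for DES even though its AH algorithm was set explicitly.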