R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

Parameters
None
Description
Use ipsec decrypt check to enable ACL checking of de-encapsulated IPsec packets.
Use undo ipsec decrypt check to disable ACL checking of de-encapsulated IPsec packets.
By default, ACL checking of de-encapsulated IPsec packets is enabled.
Examples
# Enable ACL checking of de-encapsulated IPsec packets.
<Sysname> system-view
[Sysname] ipsec decrypt check
ipsec invalid-spi-recovery enable
Syntax
ipsec invalid-spi-recovery enable
undo ipsec invalid-spi-recovery enable
View
System view
Default level
2: System level
Parameters
None
Description
Use ipsec invalid-spi-recovery enable to enable invalid security parameter index (SPI) recovery.
Use undo ipsec invalid-spi-recovery enable to restore the default.
By default, invalid SPI recovery is disabled, and the receiver discards IPsec packets with invalid SPIs.
Invalid SPI recovery enables an IPsec security gateway to send an INVALID SPI NOTIFY message to its
peer when it receives an IPsec packet but cannot find any SA with the specified SPI. When the peer
receives the message, it deletes the SAs on its side. Then, subsequent traffic triggers the two peers to
establish new SAs.
Examples
# Enable invalid SPI recovery.
<Sysname> system-view
[Sysname] ipsec invalid-spi-recovery enable
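The following model of the recovery exchange described above is an added example, not code from this manual or from the device. The Gateway class, the scenario function, the reboot trigger and the SPI values are assumptions made for illustration, and negotiate is a stand-in for the real IKE exchange. It compares the default silent discard with the behavior after ipsec invalid-spi-recovery enable.

```python
import itertools
import struct

INVALID_SPI = 11                 # ISAKMP notify message type (RFC 2408)
_spi = itertools.count(0x1000)   # constructed SPI values

class Gateway:                   # hypothetical model, not device code
    def __init__(self, recovery=False):   # default matches the manual: disabled
        self.recovery, self.peer = recovery, None
        self.in_spis, self.out_spi, self.seq = set(), None, 0
        self.delivered = []

    def negotiate(self):
        """Stand-in for IKE: install a fresh SA pair on both peers."""
        for tx, rx in ((self, self.peer), (self.peer, self)):
            tx.out_spi, tx.seq = next(_spi), 0
            rx.in_spis.add(tx.out_spi)

    def reboot(self):
        """Assumed trigger: this side loses every SA, the peer keeps its own."""
        self.in_spis.clear()
        self.out_spi = None

    def send(self, payload):
        if self.out_spi is None:          # no outbound SA: traffic triggers setup
            self.negotiate()
        self.seq += 1
        return self.peer.receive(struct.pack("!II", self.out_spi, self.seq) + payload)

    def receive(self, pkt):
        spi, _seq = struct.unpack("!II", pkt[:8])   # modelled on the ESP header
        if spi in self.in_spis:
            self.delivered.append(pkt[8:])
            return "delivered"
        if self.recovery:                 # ipsec invalid-spi-recovery enable
            self.peer.on_notify(INVALID_SPI, spi)
            return "discarded, notify sent"
        return "discarded"                # default: silent drop

    def on_notify(self, ntype, spi):
        if ntype == INVALID_SPI and spi == self.out_spi:
            self.in_spis.clear()          # peer deletes the SAs on its side
            self.out_spi = None

def scenario(recovery):
    a, b = Gateway(), Gateway(recovery)
    a.peer, b.peer = b, a
    results = [a.send(b"p1")]
    b.reboot()
    results += [a.send(b"p2"), a.send(b"p3")]
    return results, b.delivered
```

With recovery disabled, every packet after the receiver loses its SAs is dropped for as long as the sender keeps its stale SA; with recovery enabled, one packet is lost and the next one triggers a new SA pair.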
ipsec policy (interface view)
Syntax
ipsec policy policy-name
undo ipsec policy [ policy-name ]