R2511-HP MSR Router Series Security Command Reference(V5)

In FIPS mode, you must configure both ESP authentication and encryption. If you delete the specified
authentication algorithm or encryption algorithm, ESP uses the default authentication algorithm or
encryption algorithm.
Examples
# Configure IPsec transform set prop1 to use ESP and specify 3DES as the encryption algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp encryption-algorithm 3des
Related commands
display ipsec transform-set
esp authentication-algorithm
ike-peer (IPsec policy view/IPsec policy template view/IPsec profile view)
Use ike-peer to reference an IKE peer in an IPsec policy, IPsec policy template, or IPsec profile configured
through IKE negotiation.
Use undo ike-peer to remove the reference.
Syntax
ike-peer peer-name [ primary ]
undo ike-peer peer-name
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Default command level
2: System level
Parameters
peer-name: Specifies the IKE peer name, a string of 1 to 32 characters.
primary: Specifies the IKE peer as a primary IKE peer.
Usage guidelines
This command applies only to IKE negotiation mode.
If an IPsec policy uses the ISAKMP mode, you can execute the ike-peer command multiple times in the
IPsec policy view to reference a list of IKE peers. If the IKE negotiation through a peer fails, the next IKE
peer is used.
If you specify the primary keyword in the ike-peer command, the specified IKE peer has the highest
priority for a negotiation. You can specify a maximum of one primary IKE peer in the view of an IPsec
policy.
Reference as few IKE peers as possible. If you reference multiple IKE peers, specify one as the primary
IKE peer to improve the negotiation efficiency.
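Added example (not part of the HP manual): a short Python audit of the ike-peer rules above, run over a constructed configuration excerpt. It flags a policy with more than one primary IKE peer, a policy that references several IKE peers without a primary, and peer names outside 1 to 32 characters. The "ipsec policy <name> <seq> isakmp" header line and the names SAMPLE_CONFIG, parse_policies, and audit are assumptions of this example.

```python
import re

# Constructed sample configuration (not from the manual). The
# "ipsec policy <name> <seq> isakmp" header line is an assumption about
# how an IKE-negotiated policy view appears in a saved configuration.
SAMPLE_CONFIG = """\
ipsec policy branch 10 isakmp
 ike-peer hq-a primary
 ike-peer hq-b
ipsec policy dr 10 isakmp
 ike-peer dc-1
 ike-peer dc-2
ipsec policy lab 10 isakmp
 ike-peer p1 primary
 ike-peer p2 primary
"""

POLICY_RE = re.compile(r"^ipsec policy (\S+) (\d+) isakmp\s*$")
PEER_RE = re.compile(r"^\s+ike-peer (\S+)( primary)?\s*$")

def parse_policies(text):
    """Return {(policy, seq): [(peer_name, is_primary), ...]} in config order."""
    policies, current = {}, None
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault((m.group(1), int(m.group(2))), [])
            continue
        m = PEER_RE.match(line)
        if m and current is not None:
            current.append((m.group(1), bool(m.group(2))))
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the policy view
    return policies

def audit(text):
    """Return a sorted list of (policy, seq, finding) tuples."""
    findings = []
    for (name, seq), peers in parse_policies(text).items():
        primaries = [p for p, is_primary in peers if is_primary]
        if len(primaries) > 1:
            findings.append((name, seq, "more than one primary IKE peer"))
        elif len(peers) > 1 and not primaries:
            findings.append((name, seq, "multiple IKE peers but no primary"))
        for peer, _ in peers:
            if not 1 <= len(peer) <= 32:
                findings.append((name, seq, f"peer name {peer!r} is not 1 to 32 characters"))
    return sorted(findings)
```

The peer list for each policy is kept in configuration order, which is the order the audit reports and the order a reviewer would read when checking which peer is tried next after a failed negotiation.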
Examples
# Configure a reference to an IKE peer in an IPsec policy.