R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

211

212

213

214

215

216

217

218

219

220

205

An IPsec policy template cannot be bound to an encryption card interface, but an IPsec policy

originating from an IPsec policy template can.

You can specify an encryption card as the primary card when binding an IPsec policy, IPsec policy group,

or IPsec profile to the card. You can perform this configuration multiple times, but only the most recent

configuration takes effect. When an IPsec policy, IPsec policy group or IPsec profile is bound to the

current encryption card, the IPsec policy, IPsec policy group or IPsec profile with the same name bound

before will be overlaid.

An IPsec policy, IPsec policy group, or IPsec profile uses the bound primary card to provide security

services. If there is no primary card, an IPsec policy, IPsec policy group, or IPsec profile prefers the first

encryption card bound to it. Once an IPsec policy, IPsec policy group, or IPsec profile takes a second

encryption card as the primary card, the new primary card begins to provide security services

immediately.

The following matrix shows the command and router compatibility:

Command

MSR90

MSR93

MSR20

-1

MSR20

MSR30 MSR50 MSR1000

ips

bin

din

pol

icy

No No No No

Yes

MIM

encryption

module

required

Yes

FIC

encryption

module

required

Examples

# Bind IPsec policy group map to interface Encrypt 1/0.

<Sysname> system-view