R2511-HP MSR Router Series Security Command Reference(V5)
214
ipsec profile (tunnel interface view)
Use ipsec profile to apply an IPsec profile to a DVPN tunnel interface or an IPsec tunnel interface.
Use undo ipsec profile to remove the application.
Syntax
ipsec profile profile-name
undo ipsec profile
Default
No IPsec profile is applied to a DVPN tunnel interface or an IPsec tunnel interface, and no IPsec
protection is provided.
Views
Tunnel interface view
Default command level
2: System level
Parameters
profile-name: Specifies the name of the IPsec profile, a case-insensitive string of 1 to 15 characters.
Usage guidelines
Only one IPsec profile can be applied to a tunnel interface.
To apply another IPsec profile to the tunnel interface, remove the original application first.
An IPsec profile cannot be applied to the DVPN tunnel interface and the IPsec tunnel interface
simultaneously.
Examples
# Apply IPsec profile vtiprofile to the IPsec tunnel interface.
<Sysname> system-view
[Sysname] interface tunnel 0
[Sysname-Tunnel0] tunnel-protocol ipsec ipv4
[Sysname-Tunnel0] ipsec profile vtiprofile
# Apply IPsec profile dvpnprofile to the DVPN tunnel interface.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] tunnel-protocol dvpn udp
[Sysname-Tunnel1] ipsec profile dvpnprofile
Related commands
• ipsec profile (system view)
• interface tunnel (Layer 3—IP Services Command Reference).
ipsec sa global-duration
Use ipsec sa global-duration to configure the global SA lifetime.
Use undo ipsec sa global-duration to restore the default.