R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

231

232

233

234

235

236

237

238

239

240

217

Syntax

local-address { ipv4-address | ipv6 ipv6-address }

undo local-address

Default

The IP address of the interface to which the IPsec policy is applied is used as the local gateway IP

address.

Views

IPsec policy view, IPsec policy template view

Default command level

2: System level

Parameters

ipv4-address: Specifies the IPv4 address of the local security gateway.

ipv6 ipv6-address: Specifies the IPv6 address of the local security gateway.

Usage guidelines

This local gateway IP address configuration is required on an IKEv2 negotiation initiator and optional on

a responder.

Examples

# Use 1.1.1.1 as the local gateway IP address.

<Sysname> system-view

[Sysname] ipsec policy map 1 isakmp

[Sysname-ipsec-policy-isakmp-map-1] local-address 1.1.1.1

pfs

Use pfs to enable and configure the perfect forward secrecy (PFS) feature so that the system uses the

feature when employing the IPsec policy or IPsec profile to initiate a negotiation.

Use undo pfs to remove the configuration.

Syntax

pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }

undo pfs

Default

The PFS feature is not used for negotiation.

Views

IPsec policy view, IPsec policy template view, IPsec profile view

Default command level

2: System level

Parameters

dh-group1: Uses 768-bit Diffie-Hellman group. This keyword is not available for FIPS mode.

dh-group2: Uses 1024-bit Diffie-Hellman group.