R2511-HP MSR Router Series Security Command Reference(V5)
235
Usage guidelines
The TFC padding function helps conceal the length of the original packets, but might adversely affect the
packet encapsulation and de-encapsulation performance. This function applies to only two types of IP
packets:
• IP packets that are encapsulated by ESP in tunnel mode
• IP packets that carry UDP datagrams and are encapsulated by ESP in transport mode.
Examples
# Enable the TFC padding function.
<Sysname> system-view
[Sysname] ipsec policy map 1 isakmp
[Sysname-ikev2-policy-isakmp-map-1] tfc enable
transform
Use transform to specify a security protocol for an IPsec transform set.
Use undo transform to restore the default.
Syntax
transform { ah | ah-esp | esp }
undo transform
Default
The ESP protocol is used.
Views
IPsec transform set view
Default command level
2: System level
Parameters
ah: Uses the AH protocol.
ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Usage guidelines
The IPsec transform sets at the two ends of an IPsec tunnel must use the same security protocol.
Examples
# Configure IPsec transform set prop1 to use AH.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform ah
Related commands
ipsec transform-set