R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

181

182

183

184

185

186

187

188

189

190

169

Feature

MSR90

MSR93

MSR20

-1

MSR20

MSR30 MSR50 MSR1000

Binding an

IPsec policy,

IPsec policy

group, or IPsec

profile to an

encryption

module

No No No No

Yes

MIM

encryption

module

required

Yes

FIC

encryption

module

required

You can bind an IPsec policy, IPsec policy group, or IPsec profile to one or more encryption cards to

implement data authentication, encryption, and decryption.

To provide redundancy and resiliency, bind one IPsec policy, IPsec policy group, or IPsec profile to

multiple encryption cards. If one card fails, another card takes over.

You can specify an encryption card as the primary card for an IPsec policy, policy group, or IPsec profile

and you can specify the primary card for an IPsec policy, policy group, or IPsec profile multiple times.

However, only the most recent configuration takes effect.

When an IPsec policy, policy group, or IPsec profile has already been bound to an encryption card, if

you bind an IPsec policy, policy group, or IPsec profile with the same name to the card again, the new

IPsec policy, IPsec policy group, or IPsec profile overwrites the former.

An IPsec policy, policy group, or IPsec profile uses the bound primary card to provide security services.

If no primary card is specified, an IPsec policy, policy group or IPsec profile prefers the first available

encryption card that is bound to it. Once an IPsec policy, policy group, or IPsec profile takes a second

encryption card as the primary card, the new primary card begins to provide security services

immediately.

If you remove the binding of an IPsec policy, policy group, or IPsec profile to an encryption card, the

matching packets will no longer be serviced by the card.

For more information about IPsec profile, see "Configuring an IPsec profile."

o bind an IPsec policy, policy group, or IPsec profile to an encryption card:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter encryption card

interface view.

interface encrypt interface-number

N/A

3. Bind an IPsec policy, policy

group, or IPsec profile to the

encryption card.

ipsec binding policy policy-name

[ seq-number ] [ primary ]

By default, an encryption card

interface is bound with no IPsec

policy, policy group, or IPsec

profile.

The seq-number argument is not

required when an IPsec profile,

uniquely identified by its name, is

bound to an encryption card.