4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

221

222

223

224

225

226

227

228

229

230

219

Views

IPsec policy view, IPsec policy template view

Predefined user roles

network-admin

Parameters

profile-name: Specifies an IKE profile by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

The IKE profile referenced by an IPsec policy or IPsec policy template defines the parameters used for IKE

negotiation.

An IPsec policy or IPsec policy template can reference only one IKE profile and they cannot reference any

IKE profile that is already referenced by another IPsec policy or IPsec policy template.

Examples

# Specify IPsec policy policy1 to reference IKE profile profile1.

<Sysname> system-view

[Sysname] ipsec policy policy1 10 isakmp

[Sysname-ipsec-policy-isakmp-policy1-10] ike-profile profile1

Related commands

ike profile

ipsec anti-replay check

Use ipsec anti-replay check to enable IPsec anti-replay checking.

Use undo ipsec anti-replay check to disable IPsec anti-replay checking.

Syntax

ipsec anti-replay check

undo ipsec anti-replay check

Default

IPsec anti-replay checking is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

IPsec packet de-encapsulation involves complicated calculation. De-encapsulation of replayed packets is

not necessary but consumes large amounts of resources and degrades performance, resulting in DoS.

IPsec anti-replay checking, when enabled, is performed before the de-encapsulation process, reducing

resource waste.

In some cases, some service data packets might be received in a very different order than their original

order, and the IPsec anti-replay function might drop them as replayed packets, affecting normal