Manualshelf

HP MSR2000/3000/4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
261262263264265266267268269270
250
Predefined user roles
network-admin
Parameters
transform-set-name&<1-6>: Specifies an IPsec transform set by its name, a case-sensitive string of 1 to 63
characters. &<1-6> means that you can specify up to six IPsec transform sets.
Usage guidelines
A manual IPsec policy can reference only one IPsec transform set. If you specify an IPsec transform set for
the manual IPsec policy multiple times, the most recent configuration takes effect.
An IKE-based IPsec policy can reference six IPsec transform sets at most. During an IKE negotiation, IKE
searches for a fully matched IPsec transform set at the two ends of the IPsec tunnel. If no match is found,
no SA can be set up, and the packets expecting to be protected will be dropped.
If you do not specify the transform-set-name argument, the undo transform-set command removes all
referenced IPsec transform sets.
Examples
# Reference the IPsec transform set prop1 for the IPsec policy policy1.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set prop1
Related commands
ipsec { ipv6-policy | policy }
ipsec profile
ipsec transform-set