4000 Router Series Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

160

Configuring SNMP notifications for IPsec

After you enable SNMP notifications for IPsec, the IPsec module notifies the NMS of important events of

the module. The notifications are sent to the SNMP module of the device. You can decide how the SNMP

module outputs notifications by configuring the notification transmission parameters for the SNMP

module. For more information about SNMP notifications, see Network Management and Monitoring

Configuration Guide.

To generate and output SNMP notifications for IPsec for a specific type of failures or events, enable

SNMP notifications for IPsec globally and for the specified type of failures or events.

To configure SNMP notifications for IPsec:

Ste

Command

Remarks

1. Enter system view

system-view N/A

2. Enable SNMP notifications

for IPsec globally.

snmp-agent trap enable ipsec global

By default, SNMP notifications for

IPsec are enabled.

3. Enable SNMP notifications

for the specified type of

failures or events.

snmp-agent trap enable ipsec

[ auth-failure | decrypt-failure |

encrypt-failure | invalid-sa-failure |

no-sa-failure | policy-add |

policy-attach | policy-delete |

policy-detach | tunnel-start |

tunnel-stop ] *

By default, SNMP notifications for

all types of failures and events are

enabled.

Displaying and maintaining IPsec

Execute display commands in any view and reset commands in user view.

Task Command

Display IPsec policy information.

display ipsec { ipv6-policy | policy } [ policy-name

[ seq-number ] ]

Display IPsec policy template information.

display ipsec { ipv6-policy-template | policy-template }

[ template-name [ seq-number ] ]

Display IPsec profile information. display ipsec profile [ profile-name ]

Display IPsec transform set information. display ipsec transform-set [ transform-set-name ]

Display IPsec SA information.

display ipsec sa [ brief | count | interface interface-type

interface-number | { ipv6-policy | policy } policy-name

[ seq-number ] | profile policy-name | remote [ ipv6 ]

ip-address ]

Display IPsec statistics. display ipsec statistics [ tunnel-id tunnel-id ]

Display IPsec tunnel information. display ipsec tunnel { brief | count | tunnel-id tunnel-id }

Clear IPsec SAs.

reset ipsec sa [ { ipv6-policy | policy } policy-name

[ seq-number ] | profile policy-name | remote

{ ipv4-address | ipv6 ipv6-address } | spi { ipv4-address |

ipv6 ipv6-address } { ah | esp } spi-num ]