R0106-HP MSR Router Series Security Command Reference(V7)

Examples
To enable SNMP notifications when an IPsec tunnel is created, execute the following commands:
# Enable SNMP notifications for IPsec globally.
<Sysname> system-view
[Sysname] snmp-agent trap enable ipsec global
# Enable SNMP notifications for events of creating IPsec tunnels.
[Sysname] snmp-agent trap enable ipsec tunnel-start
transform-set
Use transform-set to reference an IPsec transform set for an IPsec policy, IPsec policy template, or IPsec
profile.
Use undo transform-set to remove the IPsec transform set referenced by an IPsec policy, IPsec policy
template, or IPsec profile.
Syntax
transform-set transform-set-name&<1-6>
undo transform-set [ transform-set-name ]
Default
An IPsec policy, IPsec policy template, or IPsec profile references no IPsec transform set.
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Predefined user roles
network-admin
Parameters
transform-set-name&<1-6>: Specifies a space-separated list of up to six IPsec transform sets by name.
Each name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
A manual IPsec policy can reference only one IPsec transform set. If you specify an IPsec transform set for
the manual IPsec policy multiple times, the most recent configuration takes effect.
An IKE-based IPsec policy can reference six IPsec transform sets at most. During an IKE negotiation, IKE
searches for a fully matched IPsec transform set at the two ends of the IPsec tunnel. If no match is found,
no SA can be set up, and the packets that were to be protected are dropped.
If you do not specify the transform-set-name argument, the undo transform-set command removes all
referenced IPsec transform sets.
Examples
# Reference the IPsec transform set prop1 for the IPsec policy policy1.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set prop1
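The usage guidelines above can be checked before deployment. The following Python sketch is an added example, not part of the HP reference: it compares the saved configurations of both tunnel ends and reports a policy that breaks the one-set or six-set limit, or that shares no fully matched transform set with its peer. The sample configurations are constructed, the `audit` and `parse` names are hypothetical, and a "full match" is modeled as identical parameter lines, which assumes both ends state the same parameters explicitly.

```python
# Constructed sample configs (not from the page). The esp lines and the isakmp
# keyword are assumed syntax for transform-set contents and IKE-based policies.
LOCAL = """\
ipsec transform-set prop1
 esp encryption-algorithm aes-cbc-128
 esp authentication-algorithm sha1
ipsec transform-set prop2
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm md5
ipsec policy policy1 100 isakmp
 transform-set prop1 prop2
"""
PEER_BAD = """\
ipsec transform-set peerA
 esp encryption-algorithm aes-cbc-256
 esp authentication-algorithm sha1
ipsec policy policy1 100 isakmp
 transform-set peerA
"""

def parse(cfg):
    """Return ({set name: parameter lines}, {"name seq": {"mode", "refs"}})."""
    sets, policies, cur = {}, {}, None
    for line in cfg.splitlines():
        w = line.split()
        if not line.startswith(" "):  # an unindented line opens a new view
            cur = None
            if w[:2] == ["ipsec", "transform-set"] and len(w) == 3:
                cur = sets.setdefault(w[2].lower(), set())  # names are case-insensitive
            elif w[:2] == ["ipsec", "policy"] and len(w) == 5:
                cur = policies.setdefault(f"{w[2]} {w[3]}", {"mode": w[4], "refs": []})
        elif isinstance(cur, set):
            cur.add(" ".join(w))
        elif isinstance(cur, dict) and w[:1] == ["transform-set"]:
            cur["refs"] = [n.lower() for n in w[1:]]  # most recent line takes effect
    return sets, policies

def audit(local_cfg, peer_cfg, policy):
    """Return findings for one policy (same name and sequence assumed on both ends)."""
    (lsets, lpol), (psets, ppol) = parse(local_cfg), parse(peer_cfg)
    mode, refs = lpol[policy]["mode"], lpol[policy]["refs"]
    limit = 1 if mode == "manual" else 6
    findings = [f"undefined transform set {n}" for n in refs if n not in lsets]
    if not refs or len(refs) > limit:
        findings.append(f"{len(refs)} transform sets referenced (need at least 1, at most {limit})")
    peer = [psets[n] for n in ppol[policy]["refs"] if n in psets]
    if mode != "manual" and not any(lsets.get(n) in peer for n in refs):
        findings.append("no fully matched transform set: no SA, packets dropped")
    return findings
```

Calling `audit(LOCAL, PEER_BAD, "policy1 100")` reports the mismatch, because neither prop1 nor prop2 equals the peer's aes-cbc-256 set.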