3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

401

402

403

404

405

406

407

408

409

410

402 CHAPTER 22: IPSEC CONFIGURATION COMMANDS

Description

Use the ipsec card-proposal command to create an SA proposal for encryption

card and enter the corresponding view.

Use the undo ipsec card-proposal command to delete an SA proposal for

encryption card.

This command is used in encryption card SA proposal view (the corresponding

encryption/decryption/authentication are implemented on the encryption card),

whereas the host software is also compatible with SA proposal view of the host

itself (the ipsec proposal command), in which the

encryption/decryption/authentication are implemented by the host. In encryption

card SA proposal view, you can also specify the slot ID of the encryption card for

the SA proposal, with the use encrypt card command, while other configurations

are identical with the ipsec proposal command.

After completing SA proposal configuration, you need to return to system view

using the quit command, so that you can initiate other configuration.

Example

# Create the SA proposal "card" using the encryption card at slot 5/0/0, configure

security and encryption algorithm.

[SecBlade_VPN] ipsec card-proposal card

[SecBlade_VPN-ipsec-card-proposal] use encrypt-card 5/0/0

[SecBlade_VPN-ipsec-card-proposal-card] transform ah-esp

[SecBlade_VPN-ipsec-card-proposal-card] ah authentication-algorithm sha1

[SecBlade_VPN-ipsec-card-proposal-card] esp authentication-algorithm sha1

[SecBlade_VPN-ipsec-card-proposal-card] esp encryption-algorithm 3des

[SecBlade_VPN-ipsec-card-proposal-card] quit

[SecBlade_VPN]

reset counters interface

encrypt

Syntax

reset counters interface encrypt slot-id

View

User view

Parameter

slot-id: Slot ID of an encryption card, whose range depends on the number of slots

on the security gateway. It is in 3-dimentional format, for example, x/y/z, where x

stands for a slot number on the security gateway, y and z are constant 0 for

encryption cards.

Description

Use the reset counters interface encrypt command to clear the statistics on an

encryption card.

The statistics record all the information starting from normal operation of the

encryption card, while system debugging requires statistics of a specific time

period for fault analysis. Then you may need to reset the existing statistics and get

the statistics of a required time period.

Related command: ipsec card-proposal and display encrypt-card sa.