Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1381138213831384138513861387138813891390
A-134
Command-Line Reference
IPsec Policy Context
Replace <position> with the position you want to assign the policy (1-65535).
The module processes the policy with the lowest value first (for example,
position 1 before position 2). The position matters most when policies have
overlapping traffic selectors. In this case, assign the highest position (lowest
value) to the IPsec policy with the most specific traffic selector.
Note that you can specify a position that is already used by another policy.
The new policy is inserted above the former policy, and the former policy’s
position (as well as policies below that policy) is modified accordingly.
preview
Before you apply the IPsec policy, you should preview it to make sure that
everything is correct. To preview your policy, enter the following command
from any IPsec policy context:
Syntax: preview
This command is also available from the IPsec policy apply, IPsec policy
bypass, IPsec policy deny, IPsec auto keys, IPsec manual keys, and IPsec IRAS
contexts.
For example:
hostswitch(tms-module-<slot ID>:ipsec:<action>)# preview
IPsec policy
-------------------------------------------------------
*Policy Name: testpol
Status: Enabled
Action: Apply
Direction: Both
Position: 1
Traffic Selector
*Protocol: Any
*Local Address: 10.1.1.1
*Remote Address: 10.2.2.0/24
IPsec Proposal
*Policy Name: testprop
Key Management
Key Exchange Method: Auto (with IKEv1)
*IKEv1 Policy: testIKE