Displaying And Debugging Ipsec - 3Com 3032 Configuration Manual
3com 3032: user guide
Hide thumbs
Also See for 3032:
- Command reference manual (101 pages) ,
- Installation manual (50 pages) ,
- Supplementary manual (31 pages)
Table of Contents
Advertisement
Apply Security Policy
Group on Interface
Displaying and
Debugging IPSec
Table 651 Enable Detection of the Router at the Remote End of the Tunnel
Operation
Enable the detect on the reachability of
router at the remote end of the tunnel (It
is applicable to the operating system host
software IPSec, NDEC)
Disable the detect on the reachability of
router at the remote end of the tunnel (It
is applicable to the operating system host
software IPSec, NDEC)
By default, detection of the router at the remote end of the tunnel is disabled.
To put the defined SA into effect, it is necessary to apply a security policy to each
interface (logical or physical) that will encrypt site-out data and decrypt site-in
data. According to the encryption set configured on the interface, the interface
cooperates with the remote encryption router to perform the packet encryption.
When the security policy group is deleted from the interface, this interface will not
have IPSec security protection function.
When messages are transmitted on an interface, the security policies in the
security policy group are searched one by one, from the smaller sequence number
to the greater one. If a message is matched with an access list quoted by a security
policy, then this security policy is used for processing this message. If a message
has no matched access list quoted by a security policy, then it will go on looking
for next security policy. If a message is matched with no access list quoted by the
security policy, then the message will be directly transmitted (IPSec will not protect
the message).
One interface can be applied with only one security policy group, and one security
policy group can be applied to only one interface.
Perform the following configurations in the interface view.
Table 652 Apply Security Policy Group on Interface
Operation
Apply security policy group on interface
(applicable to IPSec software and crypto
card)
Delete the security policy group applied on
interface (applicable to IPSec software and
crypto card)
By default, no security policy group is applied to the interface.
Use debugging, reset and display commands in all views.
Displaying and Debugging IPSec
Command
ipsec sa dynamic-detect
undo ipsec sa dynamic-detect
Command
ipsec policy policy-name
undo ipsec policy
575
- Quick Links:
- Configuration Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
