(Optional) Setting Optional Parameters - Huawei Quidway S7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
ipsec policy-template policy-template-name seq-number
An IPSec policy template is created.
Step 3 (Optional) Run:
security acl acl-number
An ACL is applied to the IPSec policy template.
Step 4 Run:
proposal proposal-name&<1-6>
An IPSec proposal is applied to the IPSec policy template.
An IPSec policy that uses IKE negotiation can reference a maximum of six IPSec proposals.
During IKE negotiation, the two ends of the IPSec tunnel use the IPSec proposals with the same
parameter settings first.
Step 5 (Optional) Run:
sa duration { traffic-based kilobytes | time-based interval }
The IPSec SA lifetime is set.
Step 6 Run:
ike-peer peer-name { v1 | v2 }
An IKE peer is applied to the IPSec policy template.
Step 7 (Optional) Run:
pfs { dh-group1 | dh-group2 }
The Perfect Forward Secrecy (PFS) feature used in the negotiation is configured.
By default, the PFS feature is not used in IKE negotiation.
----End

4.4.8 (Optional) Setting Optional Parameters

This section describes how to set optional parameters for IKE negotiation.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec sa global-duration { time-based interval | traffic-based kilobytes }
The global SA lifetime is set.
You can set the lifetime only for the SAs established through IKE negotiation. The lifetime of
manually created SAs is not limited. That is, the manually created SAs are always effective.
If the SA lifetime is not set in an IPSec policy, the global lifetime is used.
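The fallback rule above (a template's own sa duration, otherwise ipsec sa global-duration) and the PFS default from the policy template steps can be checked offline against saved configuration text. The following Python script is an added example, not part of the Huawei manual; the sample configuration, its names and values, the indented sub-command layout and the per-type fallback are assumptions.

```python
# Constructed sample config using only the command forms shown on this page.
# Names, numbers and the indented sub-command layout are assumptions.
SAMPLE_CONFIG = """\
ipsec sa global-duration time-based 7200
ipsec policy-template branch 10
 security acl 3101
 proposal prop-a prop-b
 sa duration time-based 3600
 ike-peer hq v2
 pfs dh-group2
ipsec policy-template branch 20
 proposal prop-a
 ike-peer hq v1
"""

def audit_templates(config_text):
    """Resolve each template's effective SA lifetime and list review findings."""
    global_life, templates, cur = {}, [], None
    for raw in config_text.splitlines():
        w = raw.split()
        if not w:
            continue
        if not raw[0].isspace():  # top-level command closes any open template
            cur = None
            if w[:3] == ["ipsec", "sa", "global-duration"] and len(w) == 5:
                global_life[w[3]] = int(w[4])
            elif w[:2] == ["ipsec", "policy-template"] and len(w) == 4:
                cur = {"name": w[2], "seq": int(w[3]), "life": {},
                       "pfs": None, "proposals": []}
                templates.append(cur)
        elif cur is not None:  # indented sub-command of the current template
            if w[:2] == ["sa", "duration"] and len(w) == 4:
                cur["life"][w[2]] = int(w[3])
            elif w[0] == "pfs" and len(w) == 2:
                cur["pfs"] = w[1]
            elif w[0] == "proposal":
                cur["proposals"] = w[1:]
    for t in templates:
        t["effective"], t["findings"] = {}, []
        for kind in ("time-based", "traffic-based"):  # template wins, else global
            if kind in t["life"]:
                t["effective"][kind] = (t["life"][kind], "template")
            elif kind in global_life:
                t["effective"][kind] = (global_life[kind], "global")
        if t["pfs"] is None:
            t["findings"].append("no pfs command: PFS is not used (default)")
        if len(t["proposals"]) > 6:
            t["findings"].append("more than six proposals referenced")
    return templates
```

Call audit_templates() on the configuration text and review any template whose findings list is not empty.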
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
126
