Ipsec { Ipv6-Policy | Policy } Local-Address - HP 5920 Command Reference Manual

Examples
# Create an IPsec policy entry by referencing the IPsec policy template temp1, and specify the IPsec
policy name as policy2 and the sequence number as 200.
<Sysname> system-view
[Sysname] ipsec policy policy2 200 isakmp template temp1
Related commands
display ipsec { ipv6-policy | policy }
•
ipsec { ipv6-policy-template | policy-template }
•

ipsec { ipv6-policy | policy } local-address

Use ipsec { ipv6-policy | policy } local-address to bind an IPsec policy to a source interface.
Use undo ipsec { ipv6-policy | policy } local-address to remove the bindings of IPsec policies and source
interfaces.
Syntax
ipsec { ipv6-policy | policy } policy-name local-address interface-type interface-number
undo ipsec { ipv6-policy | policy } policy-name local-address
Default
No IPsec policy is bound to a source interface.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-policy: Specifies an IPv6 IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Name of an IPsec policy, a case-sensitive string of 1 to 63 characters.
local-address interface-type interface-number: Specifies the shared source interface by its type and
number.
Usage guidelines
For high availability, two interfaces may operate in backup or load sharing mode. After an IPsec policy
is applied to the two interfaces, they negotiate with their peers to establish IPsec SAs respectively. When
one interface fails and a link failover occurs, the other interface needs to take some time to re-negotiate
SAs, resulting in service interruption.
To solve the problems, bind a source interface to an IPsec policy and apply the policy to both interfaces.
This enables the two physical interfaces to use the same source interface to negotiate IPsec SAs. As long
344