Ipsec Decrypt-Check Enable - HP FlexFabric 7900 Series Command Reference Manual
Security
Hide thumbs
Also See for FlexFabric 7900 Series:
- Command reference manual (294 pages) ,
- Configuration manual (165 pages) ,
- Installation manual (58 pages)
Table of Contents
Advertisement
Default
No IPsec policy is applied to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the name of an IPv4 IPsec policy, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can apply only one IPsec policy on an interface. To apply a new IPsec policy to the interface, you
must first remove the IPsec policy that is already applied to the interface.
An IKE-based IPsec policy can be applied to multiple interfaces. However, HP recommends that you
apply an IKE-based IPsec policy to only one interface. A manual IPsec policy can be applied to only one
interface.
Examples
# Apply the IPsec policy policy1 to interface VLAN-interface 2.
<Sysname> system-view
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] ipsec apply policy policy1
Related commands
display ipsec policy
•
ipsec policy
•
ipsec decrypt-check enable
Use ipsec decrypt-check enable to enable ACL checking for de-encapsulated IPsec packets.
Use undo ipsec decrypt-check to disable ACL checking for de-encapsulated IPsec packets.
Syntax
ipsec decrypt-check enable
undo ipsec decrypt-check enable
Default
ACL checking for de-encapsulated IPsec packets is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In tunnel mode, the IP packet encapsulated in an inbound IPsec packet might not be under the protection
of the ACL specified in the IPsec policy. After being de-encapsulated, such packets bring threats to the
126
Advertisement
Table of Contents
