Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
----End
4.4.9 Applying an IPSec policy to an interface
An interface can use only one IPSec policy. An IPSec policy for IKE negotiation can be applied
to multiple interfaces.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
ipsec policy policy-name
An IPSec policy is applied to the interface.
Only one IPSec policy can be applied to an interface. An IPSec policy can be applied to multiple
interfaces.
After the configuration is complete, the packets transmitted between two ends of the IPSec tunnel
trigger SA establishment through IKE negotiation. In automatic triggering mode, the SA is
established immediately after the IKE negotiation succeeds. In traffic-based triggering mode,
the SA is established only after data flows matching the IPSec policy are sent from the interface.
After IKE negotiation succeeds and the SA is established, the data flows are encrypted and then
transmitted between two ends.
----End
4.4.10 Checking the Configuration
After an IPSec tunnel is established through IKE negotiation, you can view information about
the SA, configuration of the IKE peer, and configuration of the IKE proposal.
Prerequisites
The configurations required to establish an IPSec tunnel through IKE negotiation are complete.
Procedure
l
l
l
Issue 01 (2012-03-15)
The DPD mode is configured.
Run the display ike sa command to view information about the SAs established through
IKE negotiation.
Run the display ike peer [ name peer-name ] [ verbose ] command to view the
configuration of a specified IKE peer or all IKE peers.
Run the display ike proposal command to view the configuration of a specified IKE
proposal or all IKE proposals.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
129
Advertisement
Table of Contents
