H3C MSR Series Command Reference Manual page 538
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
Field
Mode
The policy configuration is incomplete
Description
Traffic Flow Confidentiality
Security data flow
Selector mode
Local address
Remote address
Transform set
IKE profile
IKEv2 profile
SA duration(time based)
SA duration(traffic based)
SA idle time
AH string-key
AH authentication hex key
ESP string-key
ESP encryption hex key
ESP authentication hex key
Group name
Related commands
ipsec { ipv6-policy | policy }
Description
Negotiation mode of the IPsec policy:
•
Manual—Manual mode.
•
ISAKMP—IKE negotiation mode.
•
Template—IPsec policy template mode.
•
GDOI—GDOI mode.
IPsec policy configuration incomplete. Possible causes include:
•
The ACL is not configured.
•
The IPsec transform set is not configured.
•
The ACL does not have any permit statements.
•
The IPsec transform set configuration is not complete.
•
The peer IP address of the IPsec tunnel is not specified.
•
The SPI and key of the IPsec SA do not match those in the
IPsec policy.
Description of the IPsec policy.
Whether Traffic Flow Confidentiality (TFC) padding is enabled.
ACL used by the IPsec policy.
Data flow protection mode of the IPsec policy:
•
standard
•
aggregation
•
per-host
Local end IP address of the IPsec tunnel (available only for the
IKE-based IPsec policy).
Remote end IP address or host name of the IPsec tunnel.
Transform set used by the IPsec policy.
IKE profile used by the IPsec policy.
IKEv2 profile used by the IPsec policy.
Time-based IPsec SA lifetime, in seconds.
Traffic-based IPsec SA lifetime, in kilobytes.
Idle timeout of the IPsec SA, in seconds.
AH string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
AH authentication hexadecimal key. This field displays ****** if
the key is configured and it is empty if the key is not configured.
ESP string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
ESP encryption hexadecimal key. This field displays ****** if the
key is configured and it is empty if the key is not configured.
ESP authentication hexadecimal key. This field displays ****** if
the key is configured and it is empty if the key is not configured.
GDOI GM group used by the IPsec policy.
This field is displayed when the negotiation mode is GDOI.
515
Advertisement
Table of Contents
