Ike-Profile - H3C MSR Series Command Reference Manual

Hardware
MSR2600-10-X1
MSR 2630
MSR3600-28/3600-51
MSR3600-28-SI/3600-51-SI
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC
MSR 3610/3620/3620-DP/3640/3660
MSR5620/5660/5680
Usage guidelines
You can specify multiple ESP encryption algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP encryption algorithm takes effect.
To make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at
both ends of the tunnel must have the same first ESP encryption algorithm.
GCM and GMAC algorithms are combined mode algorithms. GCM algorithms provide encryption
and authentication services. GMAC algorithms only provide authentication service. Combined mode
algorithms can be used only when ESP is used alone without AH. Combined mode algorithms
cannot be used together with ordinary ESP authentication algorithms.
Examples
# Configure the IPsec transform set tran1 to use aes-cbc-128 as the ESP encryption algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
Related commands
ipsec transform-set

ike-profile

Use ike-profile to specify an IKE profile for an IPsec policy, IPsec policy template, or IPsec profile.
Use undo ike-profile to restore the default.
Syntax
ike-profile profile-name
undo ike-profile
Default
No IKE profile is specified. The IPsec policy, IPsec policy template, or IPsec profile uses the globally
IKE settings for negotiation.
Views
IPsec policy view
IPsec policy template view
IPsec profile view
Predefined user roles
network-admin
Keyword compatibility
No
No
No
No
Yes
Yes
Yes
534