Predefined user roles
network-admin
Usage guidelines
This command enables the device to output logs for the IPsec negotiation process.
This command is available only in non-FIPS mode.
Examples
# Enable logging for IPsec negotiation.
<Sysname> system-view
[Sysname] ipsec logging negotiation enable
ipsec logging packet enable
Use ipsec logging packet enable to enable logging for IPsec packets.
Use undo ipsec logging packet enable to disable logging for IPsec packets.
Syntax
ipsec logging packet enable
undo ipsec logging packet enable
Default
Logging for IPsec packets is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After logging for IPsec packets is enabled, the device outputs a log when an IPsec packet is
discarded. IPsec packets might be discarded due to lack of inbound SA, AH/ESP authentication
failure, or ESP encryption failure. A log contains the source and destination IP addresses, SPI, and
sequence number of the packet, and the reason it was discarded.
Examples
# Enable logging for IPsec packets.
<Sysname> system-view
[Sysname] ipsec logging packet enable
ipsec { ipv6-policy | policy }
Use ipsec { ipv6-policy | policy } to create an IPsec policy entry and enter its view, or enter the view
of an existing IPsec policy entry.
Use undo ipsec { ipv6-policy | policy } to delete the specified IPsec policy.
Syntax
ipsec { ipv6-policy | policy } policy-name seq-number [ gdoi | isakmp | manual ]
undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]