Tunnel Protection Ipsec - H3C MSR Series Command Reference Manual

You can specify a maximum of six IPsec transform sets for an IKE-based IPsec policy. During an IKE
negotiation, IKE searches for a fully matched IPsec transform set at the two ends of the IPsec tunnel.
If no match is found, no SA can be set up, and the packets expecting to be protected will be dropped.
If you do not specify the transform-set-name argument, the undo transform-set command removes
all IPsec transform sets specified for the IPsec policy, IPsec policy template, or IPsec profile.
Examples
# Specify the IPsec transform set prop1 for the IPsec policy policy1.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set prop1
Related commands
ipsec { ipv6-policy | policy }
ipsec profile
ipsec transform-set

tunnel protection ipsec

Use tunnel protection ipsec to apply an IPsec profile to a tunnel interface.
Use undo tunnel protection ipsec to restore the default.
Syntax
tunnel protection ipsec profile profile-name
undo tunnel protection ipsec profile
Default
No IPsec profile is applied to a tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
profile profile-name: Specify an IPsec profile by its name, a case-insensitive string of 1 to 63
characters. The specified IPsec profile must be an IKE-based IPsec profile.
Usage guidelines
IKE-based IPsec profiles can be applied only to ADVPN tunnel interfaces.
After an IPsec profile is applied to a tunnel interface, the peers negotiate an IPsec tunnel through IKE
to protect data transmitted through the tunnel interface.
Examples
# Apply IPsec profile prf1 to tunnel interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode advpn gre
[Sysname-Tunnel1]tunnel protection ipsec profile prf1
571