Table of Contents
Advertisement
4.1.28 ipsec proposal
Syntax
ipsec proposal proposal-name
undo ipsec proposal
View
System view
Parameter
proposal-name: Name of the specified proposal set.
Description
Using the ipsec proposal command, you can create or modify a proposal method
named proposal-name, and enter the IPSec proposal view. Using the undo ipsec
proposal command, you can restore the default, so as to cancel the specified
proposal set.
This command is applicable to the IPSec module of the operating system.
This proposal method is a combination of the security protocol, algorithm and packet
encapsulation mode for implementing IPSec protection. An IPSec policy determines
the protocol, algorithm and encapsulation mode to be adopted by the use of the
proposal set. Before the IPSec policy uses a proposal set, this proposal set must
have already been set up.
The proposal set adopted by the IPSec policies at both ends of the security tunnel
must be set as having the same protocol, algorithm and encapsulation mode.
Each SA set up manually can only use one proposal set.
Each SA set up through IKE negotiation can use six proposal sets at most. IKE
negotiation can display for the completely matching proposal set at both ends of the
security tunnel.
For
related
encryption-algorithm, esp-new authentication-algorithm, encapsulation-mode,
proposal, display ipsec proposal, transform.
Example
# Configure a proposal set whose name is newtrans1.
[3Com]ipsec proposal newtrans1
commands,
see
ah-new
authentication-algorithm,
Security
esp-new
71
- Quick Links:
- Command Line Interface Commands
Hide quick links:
Advertisement
Chapters
Table of Contents
