H3C S6550X-HI Series Command Reference Manual page 2232

Field
The policy configuration is incomplete
Description
Traffic Flow Confidentiality
Security data flow
Selector mode
Local address
Remote address
Transform set
IKE profile
IKEv2 profile
SA trigger mode
SA duration(time based)
SA duration(traffic based)
SA soft-duration buffer(time based)
SA soft-duration buffer(traffic based)
SA idle time
AH string-key
AH authentication hex key
ESP string-key
ESP encryption hex key
Description
•
Manual—Manual mode.
•
ISAKMP—IKE negotiation mode.
•
Template—IPsec policy template mode.
IPsec policy configuration incomplete. Possible causes include:
•
The ACL is not configured.
•
The IPsec transform set is not configured.
•
The ACL does not have any permit statements.
•
The IPsec transform set configuration is not complete.
•
The peer IP address of the IPsec tunnel is not specified.
•
The SPI and key of the IPsec SA do not match those in the
IPsec policy.
Description of the IPsec policy.
Whether Traffic Flow Confidentiality (TFC) padding is enabled.
ACL used by the IPsec policy.
Data flow protection mode of the IPsec policy: standard,
aggregation, or per-host.
Local end IP address of the IPsec tunnel (available only for the
IKE-based IPsec policy).
Remote end IP address or host name of the IPsec tunnel.
Transform set used by the IPsec policy.
IKE profile used by the IPsec policy.
IKEv2 profile used by the IPsec policy.
IPsec SA negotiation triggering mode:
•
Auto—Triggers SA negotiation when required IPsec
configuration is complete.
•
Traffic-based—Triggers SA negotiation when traffic
requires IPsec protection.
Time-based IPsec SA lifetime, in seconds.
Traffic-based IPsec SA lifetime, in Kilobytes.
Time-based IPsec SA soft lifetime buffer, in seconds.
If the time-based IPsec SA soft lifetime buffer is not configured,
this field displays two consecutive hyphens (--).
Traffic-based IPsec SA soft lifetime buffer, in Kilobytes.
If the traffic-based IPsec SA soft lifetime buffer is not
configured, this field displays two consecutive hyphens (--).
Idle timeout of the IPsec SA, in seconds.
If the IPsec SA idle timeout is not configured, this field displays
two consecutive hyphens (--).
AH string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
AH authentication hexadecimal key. This field displays ****** if
the key is configured and it is empty if the key is not configured.
ESP string key. This field displays ****** if the key is configured
and it is empty if the key is not configured.
ESP encryption hexadecimal key. This field displays ****** if the
7