H3C S6550X-HI Series Command Reference Manual page 2271

Views
IPsec policy view
IPsec policy template view
Predefined user roles
network-admin
Usage guidelines
This command applies only to IKE-based IPsec policies and IKE-based IPsec policy templates.
You can use this command to disable an IPsec policy entry or IPsec policy template entry without
deleting the entry. Disabling an IPsec policy entry or IPsec policy template entry will delete all IPsec
SAs established based on that entry. A disabled IPsec policy entry or IPsec policy template entry
cannot be used for SA negotiation until it is enabled.
Examples
# Disable the IPsec policy entry whose name is policy1 and sequence number is 10.
<Sysname> system-view
[Sysname] ipsec policy policy1 10 isakmp
[Sysname-ipsec-policy-isakmp-policy1-10] undo policy enable
protocol
Use
protocol
Use
undo protocol
Syntax
protocol { ah | ah-esp | esp }
undo protocol
Default
The IPsec transform set uses the ESP protocol.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
: Specifies the AH protocol.
ah
: Specifies using the ESP protocol first and then using the AH protocol.
ah-esp
: Specifies the AH protocol.
ah
Usage guidelines
The two tunnel ends must use the same security protocol in the IPsec transform set.
Examples
# Specify the AH protocol for the IPsec transform set.
<Sysname> system-view
[ ]
Sysname
[
Sysname-ipsec-transform-set-tran1
to specify a security protocol for an IPsec transform set.
to restore the default.
ipsec transform-set tran1
]
protocol ah
46