H3C S6550X-HI Series Command Reference Manual page 2288

[
Sysname-ipsec-policy-manual-policy1-100
[
Sysname-ipsec-policy-manual-policy1-100
# In an IPv6 IPsec policy, configure the inbound and outbound SAs that use AH to use plaintext key
abcdef.
<Sysname> system-view
[Sysname] ipsec ipv6-policy policy1 100 manual
[Sysname-ipsec-ipv6-policy-manual-policy1-100] sa string-key inbound ah simple abcdef
[Sysname-ipsec-ipv6-policy-manual-policy1-100] sa string-key outbound ah simple abcdef
Related commands
display ipsec sa
sa hex-key
sa trigger-mode
Use
sa trigger-mode
Use
undo sa trigger-mode
Syntax
sa trigger-mode { auto | traffic-based }
undo sa trigger-mode
Default
IPsec SA negotiation is triggered when traffic requires IPsec protection.
Views
IPsec policy view
Predefined user roles
network-admin
Parameters
: Triggers IPsec SA negotiation when required IPsec configuration is complete.
auto
traffic-based
Usage guidelines
You can specify the IPsec SA negotiation triggering mode only for IKE-based IPsec policies.
Compared to the auto mode, the traffic-based mode is more economical in terms of resource usage
because it triggers IPsec SA negotiation only when traffic requires IPsec protection. However, the
traffic-based mode leaves traffic unprotected before IPsec SAs are successfully established.
The IPsec SA negotiation triggering modes on the local and remote ends of an IPsec tunnel can be
different.
Modifying the IPsec SA negotiation triggering mode does not affect existing IPsec SAs.
If the IPsec SA negotiation triggering mode is set to
as a best practice after IPsec SA establishment is complete.
Examples
# Set the IPsec SA negotiation triggering mode to auto for IPsec policy policy1.
<Sysname> system-view
[Sysname] ipsec policy policy1 10 isakmp
to set the IPsec SA negotiation triggering mode.
to restore the default.
: Triggers IPsec SA negotiation when traffic requires IPsec protection.
]
sa string-key inbound ah simple abcdef
]
sa string-key outbound ah simple efcdab
, change the mode to
auto
63
traffic-based