Table of Contents
Advertisement
Predefined user roles
network-admin
Usage guidelines
TFC padding applies only to IPsec SAs negotiated by IKEv2.
TFC padding can hide the length of the original packet, and might affect the packet encapsulation
and de-encapsulation performance. This feature takes effect on UDP packets encapsulated by ESP
in transport mode and on original IP packets encapsulated by ESP in tunnel mode.
Examples
# Enable TFC padding for IPsec policy policy1.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-policy-isakmp-policy1-10
Related commands
display ipsec ipv6-policy
display ipsec policy
transform-set
Use
transform-set
policy template.
Use
undo transform-set
profile, or IPsec policy template.
Syntax
transform-set transform-set-name&<1-6>
undo transform-set [ transform-set-name ]
Default
No IPsec transform set is specified for an IPsec policy, IPsec profile, or IPsec policy template.
Views
IPsec policy view
IPsec policy template view
IPsec profile view
Predefined user roles
network-admin
Parameters
transform-set-name&<1-6>
The specified transform set names must be different. A transform set name is a case-insensitive
string of 1 to 63 characters.
Usage guidelines
You can specify only one IPsec transform set for a manual IPsec policy. If you execute this command
multiple times, the most recent configuration takes effect.
You can specify a maximum of six IPsec transform sets for an IKE-based IPsec policy or IPsec
profile. During an IKE negotiation, IKE searches for a fully matched IPsec transform set at the two
ipsec policy policy1 10 isakmp
to specify an IPsec transform set for an IPsec policy, IPsec profile, or IPsec
to remove the IPsec transform set specified for an IPsec policy, IPsec
]
tfc enable
: Specifies a space-separated list of up to six IPsec transform sets.
67
Advertisement
Chapters
Table of Contents
