Ipsec Binding Policy - H3C MSR 20-20 Command Reference Manual

View
Parameter
Description
Related command:
Example

ipsec binding policy

Syntax
View
Parameter
Description
IPSec policy view/IPSec policy template view
peer-name: IKE peer name, a string of 1 to 15 characters.
Use the command to reference an IKE peer in an IPSec policy or IPSec
ike-peer
policy template configured through IKE negotiation.
Use the undo ike peer
Note that this command applies to only IKE negotiation mode.
ipsec policy-template.
# Configure a reference to an IKE peer in an IPSec policy.
<Sysname> system-view
[Sysname] ipsec policy policy1 10 isakmp
[Sysname-ipsec-policy-isakmp-policy1-10] ike-peer peer1
ipsec binding policy policy-name [ seq-number ] [ primary ]
undo ipsec binding policy policy-name [ seq-number ] [ primary ]
Encryption card interface view
policy-name: Name of the IPSec policy, a case insensitive string of 1 to 15
characters. Valid characters are English letters and numbers. No minus sign "-"
can be included.
seq-number: Sequence number of the IPSec policy, in the range of 1 to 10000,
with a smaller value indicating a higher priority.
primary: Specifies the current encryption card as the primary card of the IPSec
policy.
Use the
ipsec binding policy
policy group to the encryption card interface.
Use the
undo ipsec binding policy
By default, an encryption card interface is bound with no IPSec policy.
Note that:
An IPSec policy group can be bound to an encryption card either before or after
■
it is applied to an interface as long as you create it first. After binding an IPSec
policy group to an encryption card, you must apply it to at least one interface
so that the flows matching the policy are to be processed with the encryption
card.
command to remove the reference of an IKE peer.
command to bind an IPSec policy or an IPSec
command to remove the binding.
2133