beautypg.com

H3C Technologies H3C S6300 Series Switches User Manual

Page 241


Step / Command / Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a manual IPsec policy entry and enter its view.
   Command: ipsec { ipv6-policy | policy } policy-name seq-number manual
   Remarks: By default, no IPsec policy exists.

3. (Optional.) Configure a description for the IPsec policy.
   Command: description text
   Remarks: By default, no description is configured.

4. Specify an ACL for the IPsec policy.
   Command: security acl [ ipv6 ] { acl-number | name acl-name }
   Remarks: By default, an IPsec policy references no ACL. An IPsec policy can reference only one ACL.

5. Specify an IPsec transform set for the IPsec policy.
   Command: transform-set transform-set-name
   Remarks: By default, an IPsec policy references no IPsec transform set. A manual IPsec policy can reference only one IPsec transform set.

6. Specify the remote IP address of the IPsec tunnel.
   Command: remote-address { ipv4-address | ipv6 ipv6-address }
   Remarks: By default, the remote IP address of the IPsec tunnel is not specified. The local IPv4 address of the IPsec tunnel is the primary IPv4 address of the interface to which the IPsec policy is applied. The local IPv6 address of the IPsec tunnel is the first IPv6 address of the interface to which the IPsec policy is applied.

7. Configure an SPI for the inbound or outbound IPsec SA.
   Command:
   - To configure an SPI for the inbound IPsec SA: sa spi inbound { ah | esp } spi-number
   - To configure an SPI for the outbound IPsec SA: sa spi outbound { ah | esp } spi-number
   Remarks: By default, no SPI is configured for the inbound or outbound IPsec SA.
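
The following is an added example, not part of the H3C manual: a small Python check that reads the step 4 to 7 commands from two peers' manual policy entries and reports settings left at their unconfigured defaults or SPIs that do not line up. The policy names, ACL number, addresses and SPI values are constructed, and the rule that one peer's outbound SPI must equal the other peer's inbound SPI is an assumption drawn from how manual SAs work in general, not a statement on this page.

```python
# Added example: constructed peer configs; names, addresses and SPIs are made up.
PEER_A = """ipsec policy map1 10 manual
 security acl 3101
 transform-set tran1
 remote-address 192.0.2.2
 sa spi inbound esp 54321
 sa spi outbound esp 12345"""
PEER_B = """ipsec policy map1 10 manual
 security acl 3101
 transform-set tran1
 remote-address 192.0.2.1
 sa spi inbound esp 12345
 sa spi outbound esp 54321"""

def parse_manual_policy(text):
    """Collect the step 4-7 settings of one manual policy entry."""
    p = {"acl": None, "transform-set": None, "remote-address": None, "spi": {}}
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["security", "acl"] and len(w) >= 3:
            p["acl"] = w[-1]
        elif w[:1] in (["transform-set"], ["remote-address"]) and len(w) >= 2:
            p[w[0]] = w[-1]
        elif w[:2] == ["sa", "spi"] and len(w) == 5:
            p["spi"][(w[2], w[3])] = int(w[4])  # (direction, protocol) -> SPI
    return p

def check_pair(a, b):
    """Return the problems found in two peers' manual policies."""
    problems = []
    for name, p in (("A", a), ("B", b)):
        # The page's defaults: no ACL, transform set, remote address or SPI.
        for field in ("acl", "transform-set", "remote-address"):
            if p[field] is None:
                problems.append(f"peer {name}: {field} not configured")
        if not p["spi"]:
            problems.append(f"peer {name}: no SPI configured")
    # Assumption (not on this page): an SA is looked up by the SPI carried in
    # the packet, so one side's outbound SPI must equal the other's inbound SPI.
    protos = {proto for p in (a, b) for (_, proto) in p["spi"]}
    for proto in sorted(protos):
        for src, dst, s, d in (("A", "B", a, b), ("B", "A", b, a)):
            out = s["spi"].get(("outbound", proto))
            inn = d["spi"].get(("inbound", proto))
            if out is None or out != inn:
                problems.append(
                    f"{proto}: {src} outbound SPI {out} != {dst} inbound SPI {inn}")
    return problems
```

Calling check_pair(parse_manual_policy(PEER_A), parse_manual_policy(PEER_B)) returns an empty list for the sample pair; any string it returns names the peer and the setting to correct.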