
H3C Technologies H3C S6300 Series Switches User Manual

Step / Command / Remarks

Step 2. Create an IPsec policy template and enter its view.
  Command: ipsec { ipv6-policy-template | policy-template } template-name seq-number
  Remarks: By default, no IPsec policy template exists.

Step 3. (Optional.) Configure a description for the IPsec policy template.
  Command: description text
  Remarks: By default, no description is configured.

Step 4. (Optional.) Specify an ACL for the IPsec policy template.
  Command: security acl [ ipv6 ] { acl-number | name acl-name } [ aggregation | per-host ]
  Remarks: By default, no ACL is specified for the IPsec policy template. An IPsec policy template can reference only one ACL.

Step 5. Specify the IPsec transform sets for the IPsec policy template to reference.
  Command: transform-set transform-set-name&<1-6>
  Remarks: By default, the IPsec policy template references no IPsec transform set.

Step 6. Specify the IKE profile for the IPsec policy template to reference.
  Command: ike-profile profile-name
  Remarks: By default, the IPsec policy template references no IKE profile. An IPsec policy template can reference only one IKE profile and it cannot reference any IKE profile that is already referenced by another IPsec policy template or IPsec policy. For more information about IKE profiles, see "Configuring IKE."

Step 7. (Optional.) Specify the local IP address of the IPsec tunnel.
  Command: local-address { ipv4-address | ipv6 ipv6-address }
  Remarks: By default, the local IPv4 address of IPsec tunnel is the primary IPv4 address of the interface to which the IPsec policy is applied, and the local IPv6 address of the IPsec tunnel is the first IPv6 address of the interface to which the IPsec policy is applied. The local IP address specified by this command must be the same as the IP address used as the local IKE identity.

Step 8. (Optional.) Specify the remote IP address of the IPsec tunnel.
  Command: remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }
  Remarks: By default, the remote IP address of the IPsec tunnel is not specified.

Step 9. Configure the IPsec SA lifetime.
  Command: sa duration { time-based seconds | traffic-based kilobytes }
  Remarks: By default, the global SA lifetime settings are used.

Step 10. (Optional.) Set the IPsec SA idle timeout.
  Command: sa idle-time seconds
  Remarks: By default, the global SA idle timeout is used.

Step 11. Return to system view.
  Command: quit
  Remarks: N/A

Step 12. Configure the global SA lifetime.
  Command: ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
  Remarks: By default, time-based SA lifetime is 3600 seconds, and traffic-based SA lifetime is 1843200 kilobytes.
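
An added example, not taken from the H3C manual: a Python check that audits a configuration file against the limits stated in steps 5 and 6 (one to six transform sets per template, and no IKE profile shared between IPsec policy templates or IPsec policies). The section layout (header at column 0, indented sub-commands), the `ipsec policy` header form, and every name and number in the sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. Assumed layout: a section header at column 0 followed by
# indented sub-commands. All names and numbers are made up.
SAMPLE = """\
ipsec policy-template branch 1
 security acl 3000
 transform-set ts1 ts2
 ike-profile prof-a
 sa duration time-based 1800
#
ipsec policy-template branch 2
 transform-set ts1 ts2 ts3 ts4 ts5 ts6 ts7
 ike-profile prof-a
#
ipsec ipv6-policy-template v6 1
 ike-profile prof-b
"""

# Matches IPsec policy and policy-template section headers (IPv4 and IPv6).
HEADER = re.compile(r"^ipsec (?:ipv6-)?policy(?:-template)? \S+ \d+")

def parse_sections(text):
    """Map each section header to the list of its indented sub-commands."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(0), [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.split())
        else:
            current = None  # any other line ends the current section
    return sections

def audit(text):
    """Return (section(s), problem) pairs for the limits the steps state."""
    findings, users = [], defaultdict(list)
    for header, cmds in parse_sections(text).items():
        n_sets = sum(len(c) - 1 for c in cmds if c[0] == "transform-set")
        if n_sets == 0:
            findings.append((header, "no transform set referenced"))
        elif n_sets > 6:
            findings.append((header, "more than 6 transform sets"))
        for c in cmds:
            if c[0] == "ike-profile" and len(c) > 1:
                users[c[1]].append(header)
    for profile, headers in users.items():
        if len(headers) > 1:
            findings.append((tuple(headers), f"IKE profile {profile} shared"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings: the second template lists seven transform sets, the IPv6 template references none, and `prof-a` is referenced by two templates.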