Configuration procedure, Displaying and maintaining ipsec – H3C Technologies H3C SecPath F1000-E User Manual

Page 204

192

•

Apply the IPsec policies or IPsec profiles to the uplink interfaces on the two devices. If you change

the virtual IP address after applying the IPsec policy to an interface, be sure to re-apply the IPsec
policy to the interface.

Configuration procedure

To implement IPsec stateful failover on two devices, you must make sure that IPsec stateful failover is

enabled on both devices.
To enable IPsec stateful failover on a device:

Step Command

Remarks

Enter system view.

system-view

N/A

Enable IPsec stateful
failover.

ipsec synchronization enable

Optional.
By default, IPsec stateful
failover is enabled.

Displaying and maintaining IPsec

Task Command

Remarks

Display IPsec policy
information.

display ipsec policy [ brief | name policy-name
[ seq-number ] ] [ | { begin | exclude | include }
regular-expression ]

Available in any
view

Display IPsec policy
template information.

display ipsec policy-template [ brief | name template-name
[ seq-number ] ] [ | { begin | exclude | include }

regular-expression ]

Available in any
view

Display the configuration
of IPsec profiles.

display ipsec profile [ name profile-name ] [ | { begin |
exclude | include } regular-expression ]

Available in any
view

Display IPsec proposal
information.

display ipsec proposal [ proposal-name ] [ | { begin |
exclude | include } regular-expression ]

Available in any
view

Display IPsec SA
information.

display ipsec sa [ brief | policy policy-name [ seq-number ]
| remote ip-address ] [ | { begin | exclude | include }

regular-expression ]

Available in any
view

Display IPsec packet
statistics.

display ipsec statistics [ tunnel-id integer ] [ | { begin |
exclude | include } regular-expression ]

Available in any
view

Display IPsec tunnel
information.

display ipsec tunnel [ | { begin | exclude | include }
regular-expression ]

Available in any
view

Clear SAs.

reset ipsec sa [ parameters dest-address protocol spi |
policy policy-name [ seq-number ] | remote ip-address ]

Available in user
view

Clear IPsec statistics.

reset ipsec statistics

Available in user
view

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS