• For an IKE-based IPsec policy, the initiator sends all AH authentication algorithms specified in the
IPsec transform set to the peer end during the negotiation phase, and the responder matches the
received algorithms against its local algorithms starting from the first one until a match is found. To
ensure a successful IKE negotiation, the IPsec transform sets specified at both ends of the tunnel must
have at least one same AH authentication algorithm.
In FIPS mode, you can specify only one AH authentication algorithm for an IPsec transform set.
Examples
# Create an IPsec transform set, and specify the AH authentication algorithm for the transform set as
HMAC-SHA1.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] ah authentication-algorithm sha1
description
Use description to configure description for an IPsec policy, IPsec policy template, or IPsec profile.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is defined.
Views
IPsec policy view, IPsec policy template view, IPsec profile view
Predefined user roles
network-admin
Parameters
text: Specifies the description content, a case-sensitive string of 1 to 80 characters.
Usage guidelines
If the system has multiple IPsec policies, IPsec policy templates, or IPsec profiles, you can use this
command to configure different descriptions for them to distinguish them.
Examples
# Configure description for IPsec policy 1 as CenterToA.
<Sysname> system-view
[Sysname] ipsec policy policy1 1 isakmp
[Sysname-ipsec-policy-isakmp-policy1-1] description CenterToA
314
To Next Page
Loading...
Need help?
General
