as the source interface is up, the negotiated IPsec SAs will not be removed and will keep working,
regardless of link failover.
After an IPsec policy is applied to a service interface and IPsec SAs have been established, if you bind
the IPsec policy to a source interface, the existing IPsec SAs are deleted.
Only the IKE-based IPsec policies can be bound to a source interface.
An IPsec policy can be bound to only one source interface. To bind an IPsec policy to another source
interface, you must first remove the current binding.
A source interface can be bound to multiple IPsec policies.
HP recommends using a stable interface, such as a Loopback interface, as a source interface.
Examples
# Bind the IPsec policy map to source interface Loopback 11.
<Sysname> system-view
[Sysname] ipsec policy map local-address loopback 11
Related commands
ipsec { ipv6-policy | policy } (system view)
ipsec { ipv6-policy-template | policy-template } policy-template
Use ipsec { ipv6-policy-template | policy-template } to create an IPsec policy template, and enter IPsec
policy template view.
Use undo ipsec { ipv6-policy-template | policy-template } to delete the specified IPsec policy template.
Syntax
ipsec { ipv6-policy-template | policy-template } template-name seq-number
undo ipsec { ipv6-policy-template | policy-template } template-name [ seq-number ]
Default
No IPsec policy template is created.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-policy-template: Specifies an IPv6 IPsec policy template.
policy-template: Specifies an IPv4 IPsec policy template.
template-name: Specifies a name for the IPsec policy template, a case-sensitive string of 1 to 64
characters.
345
To Next Page
Loading...
Need help?
General
