3com MSR 20-20 참조 매뉴얼
2141
■
The local Diffie-Hellman group must be the same as that of the peer.
■
This command can be used only when the SAs are to be set up through IKE
negotiation.
negotiation.
Related command:
Example
# Enable and configure PFS for IPSec policy policy1.
<Sysname> system-view
[Sysname] ipsec policy policy1 200 isakmp
[Sysname-ipsec-policy-isakmp-policy1-200] pfs dh-group1
proposal
Syntax
proposal proposal-name&<1-6>
undo proposal [ proposal-name ]
View
IPSec policy view/IPSec policy template view
Parameter
proposal-name&<1-6>: Name of the IPSec proposal for the IPSec policy to
reference, a string of 1 to 15 characters. &<1-6> means that you can specify the
proposal-name argument for up to six times.
reference, a string of 1 to 15 characters. &<1-6> means that you can specify the
proposal-name argument for up to six times.
Description
Use the proposal command to specify the IPSec proposal(s) for the IPSec policy to
reference.
reference.
Use the undo proposal command to remove an IPSec proposal reference by the
IPSec policy.
IPSec policy.
By default, an IPSec policy references no IPSec proposal.
Note that:
■
You can specify only existing IPSec proposals when using this command.
■
A manual IPSec policy can reference only one IPSec proposal. To replace a
referenced IPSec proposal, use the undo proposal command to remove the
original proposal binding and then use the proposal command to reconfigure
one.
referenced IPSec proposal, use the undo proposal command to remove the
original proposal binding and then use the proposal command to reconfigure
one.
■
An IKE negotiated IPSec policy can reference up to six IPSec proposals. The IKE
negotiation process will search for and use the exactly matched proposal.
negotiation process will search for and use the exactly matched proposal.
Related command:
Example
# Configure IPSec policy policy1 to reference IPSec proposal prop1.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] quit