HP 12500 Series Configuration Manual page 187

Step
1. Enter system view.
2. Create an IPsec policy that
uses IKE and enter its view.
3. Configure an IPsec connection
name.
4. Assign an ACL to the IPsec
policy.
5. Assign IPsec proposals to the
IPsec policy.
6. Specify an IKE peer for the
IPsec policy.
7. Enable and configure the
perfect forward secrecy
feature for the IPsec policy.
8. Set the SA lifetime.
9. Enable the IPsec policy.
10. Return to system view.
Command
system-view
ipsec policy policy-name
seq-number isakmp
connection-name name
security acl acl-number
[ aggregation ]
proposal proposal-name&<1-6>
ike-peer peer-name
pfs { dh-group2 | dh-group5 |
dh-group14 }
sa duration { time-based seconds |
traffic-based kilobytes }
policy enable
quit
177
Remark
N/A
By default, no IPsec policy exists.
The isakmp mode is available only
for FIPS mode.
Optional.
By default, no IPsec connection
name is configured.
This command is available only for
FIPS mode.
By default, an IPsec policy
references no ACL.
This command is available only for
FIPS mode.
By default, an IPsec policy
references no IPsec proposal.
An IPsec policy cannot reference
any IKE peer that is already
referenced by an IPsec profile, and
vice versa.
This command is available only for
FIPS mode.
Optional.
By default, the PFS feature is not
used for negotiation.
For more information about PFS,
see "Configuring IKE."
This command is available only for
FIPS mode.
Optional.
By default, the global SA lifetime is
used.
This command is available only for
FIPS mode.
Optional.
Enabled by default.
This command is available only for
FIPS mode.
N/A