No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec policy-template

display ipsec policy-template

Function

The display ipsec policy-template command displays IPSec policy template information.

Format

display ipsec policy-template [ brief | name template-name [ seq-number ] ]

Parameters

Parameter

Description

Value

brief

Displays brief information about all IPSec policy templates.

-

name template-name

Displays detailed information about a specified IPSec policy template.

The value is an existing IPSec policy template name.

seq-number

Specifies the sequence number of an IPSec policy template.

The value is an integer that ranges from 1 to 10000.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display brief information about all IPSec policy templates.

<Huawei> display ipsec policy-template brief
Number of templates group : 1                                                   
Number of templates       : 1                                                   
                                                                                
Policy template name     ACL           Peer name                                
------------------------------------------------------                          
temp1-10                                rut3             
Table 10-30  Description of the display ipsec policy-template brief command output

Item

Description

Number of templates group

Number of IPSec policy template groups. An IPSec policy template is identified by its name and sequence number and multiple IPSec policy templates with the same IPSec policy template name constitute an IPSec policy template group.

Number of templates

Number of IPSec policy templates.

Policy template name

Name and sequence number of the IPSec policy template. To configure an IPSec policy template, run the ipsec policy-template command.

ACL

ACL referenced by the IPSec policy template. To configure an ACL referenced by an IPSec policy template, run the security acl command.

Peer name

Name of the IKE peer referenced by the IPSec policy template. To reference an IKE peer, run the ike-peer command.

# Display information about a specified IPSec policy template.

<Huawei> display ipsec policy-template name temp1
                                                                                
===============================================                                 
IPSec policy template group: "temp1"                                            
===============================================                                 
                                                                                
    Sequence number: 10                                                         
    Security data flow: 0                                                       
    Peer name    : peer1                                                        
    Perfect forward secrecy: None                                               
    Proposal name:                                                              
    IPSec SA local duration(time based): 3600 seconds                           
    IPSec SA local duration(traffic based): 1843200 kilobytes                   
    Anti-replay window size: 32                                                 
    Route inject: None                                                          
    Qos pre-classify: Disable
    Qos group: - 
    IKE identity name: identity1
Table 10-31  Description of the display ipsec policy-template name command output

Item

Description

Sequence number

Sequence number in the IPSec policy template. To configure an IPSec policy template, run the ipsec policy-template command.

Security data flow

ACL referenced by the IPSec policy template. To configure an ACL referenced by an IPSec policy template, run the security acl command.

Peer name

Name of the IKE peer referenced by the IPSec policy template. To reference an IKE peer, run the ike-peer command.

Perfect forward secrecy

Perfect Forward Secrecy (PFS) used in IKE negotiation:
  • DH group 1: 768-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 2: 1024-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 5: 1536-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 14: 2014-bit Diffie-Hellman group is used during IKE negotiation.
  • None: PFS is not used during IKE negotiation.
To specify an algorithm used to generate a pseudo random number, run the pfs command.

Proposal name

Name of an IPSec proposal referenced by the IPSec policy template. To referenced an IPSec proposal, run the proposal command.

IPSec SA local duration(time based)

Time-based lifetime of the local SA. To set the time-based lifetime of the local SA, run the sa duration time-based command in the IPSec policy view.

IPSec SA local duration(traffic based)

Traffic-based lifetime of the local SA. To set the traffic-based lifetime of the local SA, run the sa duration traffic-based command in the IPSec policy view.

Anti-replay window size

IPSec anti-replay window size. This field is available only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the ipsec anti-replay window command.

Route inject

Route injection status:
  • Dynamic , Preference: Dynamic route injection is enabled and a priority is configured for route generated through route injection.
  • Static , Preference: Dynamic route injection is enabled and a priority is configured for the route generated through route injection.
  • None: Route injection is disabled.
To configure route injection, run the route inject command.

Qos pre-classify

Whether pre-extraction of original IP packets is enabled. To enable pre-extraction of original IP packets, run the qos pre-classify command.

Qos group

QoS group to which IPSec packets belong. To configure the QoS group, run the qos group command.

- indicates that no QoS group is specified for IPSec packets.

IKE identity name

Name of the referenced IKE identity. To referenced an IKE identity, run the match ike-identity command.

Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 91567

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next