[x]

IPsec commands > esn enable

 

 Next

esn enable

Use esn enable to enable the Extended Sequence Number (ESN) feature.

Use undo esn enable to disable the ESN feature.

Syntax

esn enable [ both ]

undo esn enable

Default

The ESN feature is disabled.

Views

IPsec transform set view

Predefined user roles

network-admin

mdc-admin

Parameters

both: Specifies IPsec to support both extended sequence number and traditional sequence number. If you do not specify this keyword, IPsec only supports extended sequence number.

Usage guidelines

The ESN feature extends the sequence number length from 32 bits to 64 bits. This feature prevents the sequence number space from being exhausted when large volumes of data are transmitted at high speeds over an IPsec SA. If the sequence number space is not exhausted, the IPsec SA does not need to be renegotiated.

This feature must be enabled at both the initiator and the responder.

Examples

# Enable the ESN feature in IPsec transform set tran1.

<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esn enable

Related commands

display ipsec transform-set

prev

 

up

 next

encapsulation-mode 

home

 esp authentication-algorithm

© Copyright 2018 Hewlett Packard Enterprise Development LP