transform-set

Use transform-set to specify an IPsec transform set for an IPsec policy, IPsec policy template, or IPsec profile.

Use undo transform-set to remove the IPsec transform set specified for an IPsec policy, IPsec policy template, or IPsec profile.

Syntax

transform-set transform-set-name&<1-6>

undo transform-set [ transform-set-name ]

Default

No IPsec transform set is specified for an IPsec policy, IPsec policy template, or IPsec profile.

Views

IPsec policy view

IPsec policy template view

IPsec profile view

Predefined user roles

network-admin

mdc-admin

Parameters

transform-set-name&<1-6>: Specifies a space-separated list of up to six IPsec transform sets by their names, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can specify only one IPsec transform set for a manual IPsec policy. If you execute this command multiple times, the most recent configuration takes effect.

You can specify a maximum of six IPsec transform sets for an IKE-based IPsec policy. During an IKE negotiation, IKE searches for a fully matched IPsec transform set at the two ends of the IPsec tunnel. If no match is found, no SA can be set up, and the packets expecting to be protected will be dropped.

If you do not specify the transform-set-name argument, the undo transform-set command removes all IPsec transform sets specified for the IPsec policy, IPsec policy template, or IPsec profile.

Examples

# Specify IPsec transform set prop1 for IPsec policy policy1.

<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set prop1

Related commands

ipsec { ipv6-policy | policy }

ipsec profile

ipsec transform-set