proposal (IPsec policy view)

Syntax

proposal proposal-name&<1-6>

undo proposal [ proposal-name ]

View

IPsec policy view

Default level

2: System level

Parameters

proposal-name&<1-6>: Name of the IPsec proposal, a string of 1 to 32 characters. &<1-6> means that you can specify the proposal-name argument for up to six times.

Description

Use the proposal command to specify an IPsec proposal for the IPsec policy to reference.

Use the undo proposal command to remove an IPsec proposal reference by the IPsec policy .

By default, an IPsec policy references no IPsec proposal.

The IPsec proposals must already exist.

A manual IPsec policy can reference only one IPsec proposal. To replace a referenced IPsec proposal, use the undo proposal command to remove the original proposal binding and then use the proposal command to reconfigure one.

An IKE negotiated IPsec policy can reference up to six IPsec proposals. The IKE negotiation process will search for and use the exactly matched proposal.

Related commands: ipsec proposal, ipsec policy (system view).

Examples

# Configure IPsec policy policy1 to reference IPsec proposal prop1.

<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] proposal prop1