hello ipsec sa (IPv4)

Function

The hello ipsec sa command specifies an IPSec SA globally used for encrypting and authenticating PIM Hello (IPv4) messages sent and received by the device.

The undo hello ipsec sa command deletes the IPSec SA globally used for encrypting and authenticating PIM Hello (IPv4) messages sent and received by the device.

By default, no IPSec SA is specified for encrypting and authenticating PIM Hello (IPv4) messages.

Format

hello ipsec sa sa-name

undo hello ipsec sa

Parameters

Parameter	Description	Value
sa-name	Specifies the name of the globally used SA.	The value is an existing SA name.

Views

PIM view of public network instance or PIM view of VPN instance

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a Huawei device connects to a non-Huawei device that can only encrypt and authenticate PIM Hello messages, run this command to configure the Huawei device to encrypt and authenticate only PIM Hello messages, so that the devices can interwork.

Prerequisites

IP multicast routing has been enabled using the multicast routing-enable command.
Basic IPSec functions have been configured.

Precautions

If you run both this command and the ipsec sa (IPv4) command in the PIM view, the last configured one takes effect.

This command has the same function as the pim hello ipsec sa command used in the interface view except for the effective scope. The configuration in the interface view takes precedence over the configuration in the PIM view. If SAs are specified in both the interface view and PIM view, the specified interface uses the SA configured in the interface view. If no SA is specified on an interface, the interface uses the SA specified in the PIM view.

Example

# Configure the device to encrypt and authenticate PIM Hello messages using the PIM IPSec SA named sa1. (This SA has been created.)

<HUAWEI> system-view
[HUAWEI] multicast routing-enable
[HUAWEI] pim
[HUAWEI-pim] hello ipsec sa sa1