The proposal command applies a security proposal to a Security Association (SA).
The undo proposal command removes a security proposal from an SA.
By default, no security proposal is created.
| Parameter | Description | Value |
|---|---|---|
proposal-name |
Specifies the name of an IPSec proposal. |
The value is an existing IPSec proposal name. |
Usage Scenario
An SA defines a protection policy, and a security proposal defines a protection method. Data protection can be implemented only after a security proposal is applied to an SA.
Prerequisite
The ipsec proposal command has been run to create a security proposal before the proposal command is run. If no security proposal has been created, an error message will be displayed when the proposal command is run.
Before run the proposal command, it needs to set the encapsulation mode to transport.
Precautions
After the proposal command is run, the security proposal is applied to an SA and cannot be deleted.
# Create an IPSec proposal prop1 and configure it to use the default parameters. Then reference the IPSec proposal in IPSec SA sa1.
<HUAWEI> system-view [HUAWEI] ipsec proposal prop1 [HUAWEI-ipsec-proposal-prop1] transform ah [HUAWEI-ipsec-proposal-prop1] encapsulation-mode transport [HUAWEI-ipsec-proposal-prop1] quit [HUAWEI] ipsec sa sa1 [HUAWEI-ipsec-sa-sa1] proposal prop1