ipsec succeed-check enable

Function

The ipsec succeed-check enable command enables the IPSec succeed-check function.

The undo ipsec succeed-check command disables the IPSec succeed-check function.

By default, the succeed-check function is enabled.

This command is supported only on the NetEngine 8000 F1A.

Format

ipsec succeed-check enable

undo ipsec succeed-check

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ike write

Usage Guidelines

After IPSec succeed-check function is enabled, the system checks the received non encrypted packets that are in plain text and discards the encrypted packets when they are supposed to be not encrypted.

For the environment where the IPSec policy template is used to deploy IPSec, the IPSec backward checking function checks only the data flow that matches the rule with the smallest number in the ACL quoted by the IPSec policy template.

Example

# Enable the IPSec succeed-check function.
<HUAWEI> system-view
[~HUAWEI] ipsec succeed-check enable
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >