proposal

Function

The proposal command applies a security proposal to a Security Association (SA).

The undo proposal command removes a security proposal from an SA.

By default, no security proposal is created.

Format

proposal proposal-name

undo proposal

Parameters

Parameter Description Value
proposal-name

Specifies the name of a security proposal.

The value is a string of 1 to 15 case-sensitive characters.

Views

IPsec SA view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ipsec write

Usage Guidelines

Usage Scenario

An SA defines a protection policy, and a security proposal defines a protection method. Protocol packet protection can be implemented only after a security proposal is applied to an SA.

Prerequisites

The proposal should be created using ipsec proposal command before applying on the SA. If the proposal is not created, then a prompt message is displayed.

Configuration Impact

After the proposal command is run, the security proposal is applied to an SA and cannot be deleted.

Example

# Apply the security proposal named prop1 to the SA named sa1.
HUAWEI> system-view
[~HUAWEI] ipsec proposal prop1
[*HUAWEI-ipsec-proposal-prop1] encapsulation-mode transport
[*HUAWEI-ipsec-proposal-prop1] transform ah
[*HUAWEI-ipsec-proposal-prop1] quit
[*HUAWEI] ipsec sa sa1
[*HUAWEI-ipsec-sa-sa1] proposal prop1
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >