The proposal command references an IPSec proposal.
The undo proposal command deletes the referenced IPSec proposal.
By default, no IPSec proposal is referenced.
Manual IPSec policy view:
proposal proposal-name
undo proposal
ISAKMP IPSec policy view, IPSec policy template view, and IPSec profile view:
proposal proposal-name
undo proposal [ proposal-name ]
| Parameter | Description | Value |
|---|---|---|
| proposal-name | Specifies the name of an IPSec proposal. | The value is a string of 1 to 15 case-insensitive characters. |
Manual IPSec policy view, ISAKMP IPSec policy view, IPSec policy template view, IPSec profile view
Usage Scenario
An IPSec proposal defines IPSec protection methods and takes effect only after an IPSec policy or profile references the IPSec proposal.
Prerequisites
An IPSec proposal has been created using the ipsec proposal command.
Precautions
A manual IPSec policy can reference only one IPSec proposal.
An ISAKMP IPSec policy, an IPSec policy template, or an IPSec profile can reference a maximum of 12 IPSec proposals. When devices at both ends of an IPSec tunnel perform IKE negotiation, they search the IPSec proposals in the order in which they were configured until a matching IPSec proposal is found. If no matching IPSec proposal is found, an SA cannot be set up and packets to be protected are discarded.
When multiple authentication or encryption algorithms are configured in one IPSec proposal, the device can no longer reference IPSec proposals if the total number of algorithms in the referenced IPSec proposals exceeds 255. The number of algorithms in one IPSec proposal is calculated using the following formula:
Number of algorithms in one IPSec proposal = Number of authentication algorithms used in the AH protocol × Number of authentication algorithms used in the ESP protocol × Number of encryption algorithms used in the ESP protocol
If no authentication or encryption algorithm is configured, the number is considered as 1.
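The reference limits and the algorithm-count formula above can be checked offline before a policy is changed. The following is an added example, not vendor code: the dictionary layout, the view keys, and the function names are assumptions made for illustration, and each unconfigured algorithm set is assumed to count as 1 in the product.

```python
from math import prod

# View keys are labels chosen for this example; limits are from the precautions.
MAX_REFS = {"manual": 1, "isakmp": 12, "template": 12, "profile": 12}
MAX_TOTAL_ALGORITHMS = 255
FACTORS = ("ah_auth", "esp_auth", "esp_enc")  # hypothetical dict keys

def algorithm_count(proposal):
    """AH auth x ESP auth x ESP enc. Assumption: each unconfigured set counts as 1."""
    return prod(max(len(proposal.get(k, ())), 1) for k in FACTORS)

def audit_references(view, referenced, proposals):
    """Return (total_algorithms, problems) for the names a policy references, in order."""
    problems = []
    known = {name.lower(): p for name, p in proposals.items()}  # names are case-insensitive
    if len(referenced) > MAX_REFS[view]:
        problems.append(f"{view} view allows {MAX_REFS[view]} proposal(s), got {len(referenced)}")
    total = 0
    for name in referenced:
        if not 1 <= len(name) <= 15:
            problems.append(f"{name!r}: name must be 1 to 15 characters")
        proposal = known.get(name.lower())
        if proposal is None:
            problems.append(f"{name!r}: not created with 'ipsec proposal'")
            continue
        total += algorithm_count(proposal)
    if total > MAX_TOTAL_ALGORITHMS:
        problems.append(f"{total} algorithms referenced, limit is {MAX_TOTAL_ALGORITHMS}")
    return total, problems

# Constructed sample data (not taken from a device).
SHA2 = ("sha2-256", "sha2-384", "sha2-512")
AES = ("aes-128", "aes-192", "aes-256")
SAMPLE = {"esp-only": {"esp_auth": SHA2, "esp_enc": AES},
          "ah-esp": {"ah_auth": SHA2, "esp_auth": SHA2, "esp_enc": AES}}
SAMPLE.update({f"big{i}": {"ah_auth": SHA2, "esp_auth": SHA2, "esp_enc": AES} for i in range(10)})

if __name__ == "__main__":
    print(audit_references("isakmp", ["ESP-ONLY", "ah-esp"], SAMPLE))
    print(audit_references("isakmp", [f"big{i}" for i in range(10)], SAMPLE))
    print(audit_references("manual", ["esp-only", "ah-esp"], SAMPLE))
```

In the sample data, ten proposals of 27 algorithms each stay within the 12-proposal limit but total 270 algorithms, so the 255 limit is the one that is hit first.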