Creating Ipsec Policies - 3Com 3C13636 Configuration Manual


3Com Router 3000 Ethernet Family
Configuration Guide

7.2.3 Creating IPSec Policies

Each IPSec policy specifies the IPSec proposal to apply to a particular data flow.
There are two types: manual IPSec policies and IKE negotiation IPSec policies. In a
manual policy, parameters such as the key, the SPI and the SA duration, as well as the
IP addresses of the two ends in tunnel mode, are configured manually. In an IKE
negotiation policy, these parameters are generated automatically by IKE negotiation.
Note:
This section describes IPSec policy configuration in detail, covering both manual
configuration and IKE negotiation configuration. A configuration that applies to only
one mode is followed by a description saying so. Otherwise, the configuration should be
performed in both manual mode and IKE negotiation mode.
I. Manually creating an IPSec policy
1) Manually creating an IPSec policy
You cannot change the negotiation mode of an IPSec policy once it has been created.
For example, if a manual IPSec policy has been established, it cannot be changed to
isakmp mode; you have to delete the IPSec policy and then establish a new one.
Perform the following configuration in system view.
Table 7-6 Establish IPSec policy

| Operation | Command |
|---|---|
| Manually create an IPSec policy for an SA. | ipsec policy policy-name seq-number manual |
| Modify the IPSec policy of the SA. | ipsec policy policy-name seq-number manual |
| Delete the IPSec policy | undo ipsec policy policy-name [ seq-number ] |

IPSec policies with the same name and different sequence numbers can compose an
IPSec policy group. In one IPSec policy group, up to 100 IPSec policies can be
configured. However, the maximum number of all IPSec policies in all IPSec policy
groups is 100. In an IPSec policy group, the smaller the sequence number is, the higher
the priority will be.
By default, there is no IPSec policy.

2) Referencing IPSec proposal in IPSec policy

3Com Corporation, Chapter 7 IPSec Configuration, page 7-14
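
The rules given above under "1) Manually creating an IPSec policy" (policy groups ordered by sequence number, the limit of 100 policies, and the negotiation mode being fixed at creation) can be checked against a planned command list before it is entered on the router. The Python script below is an added example, not part of the 3Com manual. Assumptions: the name check_plan and the sample policy names are hypothetical, the isakmp command line is assumed to mirror the manual form shown in Table 7-6, and undo without a seq-number is assumed to delete the whole policy group.

```python
import re
from collections import defaultdict

MAX_POLICIES = 100  # manual: at most 100 policies across all policy groups
# Assumption: the "isakmp" line form mirrors the manual form in Table 7-6.
CMD = re.compile(r"^(undo\s+)?ipsec\s+policy\s+(\S+)(?:\s+(\d+))?(?:\s+(manual|isakmp))?$")

def check_plan(commands):
    """Replay planned commands in order; return (groups, errors).
    groups: name -> [(seq, mode), ...], smallest seq (highest priority) first."""
    policies, errors = {}, []            # policies: (name, seq) -> mode
    for n, raw in enumerate(commands, 1):
        m = CMD.match(raw.strip())
        if not m:
            continue                     # not an "ipsec policy" command
        undo, name, seq, mode = m.groups()
        seq = int(seq) if seq else None
        if undo:
            # Assumption: omitting seq-number deletes the whole group.
            for key in [k for k in policies if k[0] == name and seq in (None, k[1])]:
                del policies[key]
        elif seq is None or mode is None:
            errors.append(f"line {n}: seq-number and mode are required")
        elif (name, seq) in policies:
            if policies[(name, seq)] != mode:   # mode is fixed at creation
                errors.append(f"line {n}: {name} {seq} is {policies[(name, seq)]}; "
                              f"delete it before creating it as {mode}")
        elif len(policies) >= MAX_POLICIES:
            errors.append(f"line {n}: limit of {MAX_POLICIES} IPSec policies reached")
        else:
            policies[(name, seq)] = mode
    groups = defaultdict(list)
    for (name, seq), mode in sorted(policies.items()):
        groups[name].append((seq, mode))
    return dict(groups), errors

# Constructed sample plan (policy names are hypothetical).
SAMPLE = [
    "ipsec policy branch 20 manual",
    "ipsec policy branch 10 manual",
    "ipsec policy hq 5 manual",
    "ipsec policy branch 10 isakmp",   # rejected: mode change on an existing policy
    "undo ipsec policy hq 5",
    "ipsec policy hq 5 isakmp",        # accepted: hq 5 was deleted first
]

print(check_plan(SAMPLE))
```

Re-entering an existing name and sequence number with the same mode is treated as modifying that policy, matching the second row of Table 7-6.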
