Applying Ipsec Policy Group To Interface - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
Note:
The parameters configurable in an IPSec policy template are the same as those of
IPSec policy, but most are optional. Only IPSec proposal is mandatory. However, it
should be noted that the proposal parameters are required while other parameters are
optional. In IKE negotiation, if IPSec policy template is used for policy matching, the
configured parameters must be matched and the parameters not configured use those
of the initiation side.
After the configuration of policy template, the following command must be executed to
apply the policy template just defined.
Table 7-20 Reference IPSec policy template
Reference an IPSec policy template
The view of the IPSec policy that has referenced IPSec policy template does not
support policy configuration and modification, which can only be implemented in IPSec
policy template view.
Caution:
The policy of IPSec policy template cannot initiate the negotiation of security
association, but is can response a negotiation.
The number of an IPSec policy configured by referencing an IPSec policy template
must be greater than that of an IPSec policy not configured in that way. Otherwise,
the responding party cannot find a match and the negotiation fails.

7.2.5 Applying IPSec Policy Group to Interface

In order to validate a defined SA, you must apply an IPSec policy group at the interface
(logical or physical) where the outgoing data or incoming data needs encryption or
decryption. Data encryption on the interface will be made based on the IPSec policy
group and in conjunction with the peer router. Deleting the IPSec policy group from the
interface will disable the protection function of IPSec on the interface.
Perform the following configuration in the interface view.
Operation
3Com Corporation
7-22
Chapter 7 IPSec Configuration
Command
ipsec policy policy-name seq-number
template template-name