Examples
# Apply IPsec policy group pg1 to interface Serial 2/1/2.
<Sysname> system-view
[Sysname] interface serial 2/1/2
[Sysname-Serial2/1/2] ipsec policy pg1
Related commands
ipsec policy (system view)
ipsec policy (system view)
Use ipsec policy to create an IPsec policy and enter its view.
Use undo ipsec policy to delete the specified IPsec policies.
Syntax
ipsec policy policy-name seq-number [gdoi | isakmp | manual ]
undo ipsec policy policy-name [ seq-number ]
Default
No IPsec policy exists.
Views
System view
Default command level
2: System level
Parameters
policy-name: Name for the IPsec policy, a case-insensitive string of 1 to 15 characters. No minus sign (-)
can be included.
seq-number: Sequence number for the IPsec policy, in the range 1 to 65535.
gdoi: Sets up SAs through GDOI mode.
isakmp: Sets up SAs through IKE negotiation.
manual: Sets up SAs manually.
Usage guidelines
When creating an IPsec policy, you must specify the generation mode.
You cannot change the generation mode of an existing IPsec policy; you can only delete the policy and
then re-create it with the new mode.
IPsec policies with the same name constitute an IPsec policy group. An IPsec policy is identified uniquely
by its name and sequence number. In an IPsec policy group, an IPsec policy with a smaller sequence
number has a higher priority.
The undo ipsec policy command without the seq-number argument deletes an IPsec policy group.
In a group encrypted transport VPN, you must configure IPsec GDOI policies on the group members. For
more information about group encrypted transport VPN, see Security Configuration Guide.
299