ipsec apply
ipsec { ipv6-policy | policy } isakmp template
Use ipsec { ipv6-policy | policy } isakmp template to create an IKE-based IPsec policy entry by
using an IPsec policy template.
Use undo ipsec { ipv6-policy | policy } to delete the specified IPsec policy.
Syntax
ipsec { ipv6-policy | policy } policy-name seq-number isakmp template template-name
undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]
Default
No IPsec policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-policy: Specifies an IPv6 IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Specifies a name for the IPsec policy, a case-insensitive string of 1 to 63 characters.
seq-number: Specifies a sequence number for the IPsec policy, in the range of 1 to 65535. A smaller
number indicates a higher priority.
isakmp template template-name: Specifies an IPsec policy template by its name, a case-insensitive
string of 1 to 63 characters.
Usage guidelines
If you do not specify the seq-number argument, the undo command deletes the specified IPsec
policy.
An interface applied with an IPsec policy that is configured by using an IPsec policy template cannot
initiate an SA negotiation, but it can respond to a negotiation request. The parameters not defined in
the template are determined by the initiator. When the remote end's information (such as the IP
address) is unknown, this method allows the remote end to initiate negotiations with the local end.
Examples
# Create an IPsec policy entry by using the IPsec policy template temp1, and specify the IPsec
policy name as policy2 and the sequence number as 200.
<Sysname> system-view
[Sysname] ipsec policy policy2 200 isakmp template temp1
Related commands
display ipsec { ipv6-policy | policy }
ipsec { ipv6-policy-template | policy-template }
ipsec { ipv6-policy | policy } local-address
Use ipsec { ipv6-policy | policy } local-address to bind an IPsec policy to a source interface.
544