Table of Contents
Advertisement
ipsec profile
Use
ipsec profile
IPsec profile.
Use
undo ipsec profile
Syntax
ipsec profile profile-name [ isakmp | manual ]
undo ipsec profile profile-name
Default
No IPsec profiles exist.
Views
System view
Predefined user roles
network-admin
Parameters
profile-name
characters.
: Specifies the IPsec SA setup mode as IKE.
isakmp
: Specifies the IPsec SA setup mode as manual.
manual
Usage guidelines
When you create an IPsec profile, you must specify the IPsec SA setup mode (manual or isakmp).
When you enter the view of an existing IPsec profile, you do not need to specify the IPsec SA setup
mode.
A manual IPsec profile is similar to a manual IPsec policy. It is used exclusively for IPsec protection
for application protocols, including OSPFv3, IPv6 BGP, and RIPng.
An IKE-based IPsec profile is similar to an IKE-based IPsec policy. It uses IKE negotiation to
establish IPsec SAs to protect IPv4 and IPv6 application protocols, such as ADVPN. An IKE-based
IPsec profile does not require you to specify the remote end address or an ACL.
Examples
# Create a manual IPsec profile named profile1.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-profile-manual-profile1
# Create an IKE-based IPsec profile named profile1.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-profile-isakmp-profile1
Related commands
display ipsec profile
ipsec redundancy enable
Use
ipsec redundancy enable
to create an IPsec profile and enter its view, or enter the view of an existing
to delete an IPsec profile.
: Specifies a name for the IPsec profile, a case-insensitive string of 1 to 63
ipsec profile profile1 manual
ipsec profile profile1 isakmp
]
]
to enable IPsec redundancy.
39
Advertisement
Chapters
Table of Contents
