2136
C
140: IPS
HAPTER
EC
ipsec policy (system view)
Syntax
View
Parameter
Description
Related command:
Example
C
C
ONFIGURATION
OMMANDS
<Sysname> system-view
[Sysname] interface serial 2/2
[Sysname-Serial2/2] ipsec policy pg1
ipsec policy policy-name seq-number [ isakmp | manual ]
undo ipsec policy policy-name [ seq-number ]
System view
policy-name: Name for the IPSec policy, a case insensitive string of 1 to 15
characters. Valid characters are English letters and numbers. No minus sign (-) can
be included.
seq-number: Sequence number for the IPSec policy, in the range 1 to 10000.
isakmp: Sets up SAs through IKE negotiation.
manual: Sets up SAs manually.
Use the
ipsec policy
Use the
undo ipsec policy
By default, no IPSec policy exists.
Note that:
When creating an IPSec policy, the generation mode will be manual if you do
■
not specify it.
You cannot change the generation mode of an existing IPSec policy; you can
■
only delete the policy and then re-create it with the new mode.
IPSec policies with the same name constitute an IPsec policy group. An IPSec
■
policy is identified uniquely by its name and sequence number. In an IPSec
policy group, an IPSec policy with a smaller sequence number has a higher
priority.
Using the undo ipsec policy command without the seq-number argument
■
deletes an IPSec policy group.
ipsec policy (interface view), display ipsec policy.
# Create an IPSec policy with the name policy1 and sequence number 100.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]
command to create an IPSec policy and enter its view.
command to delete the specified IPSec policies.