3Com 3C13636 Configuration Manual page 1122

3Com Router 3000 Ethernet Family
Configuration Guide
Dynamically create an IPSec policy
by using IKE and an IPSec policy
template.
Modify an IPSec policy that has
been established by using IKE
negotiation
Delete the specified IPSec policy.
If you want to create a dynamic IPSec policy by making use of an IPSec policy template,
you must first define the policy template. For more information about defining a policy
template, see "Section 7.2.4 Configuring IPSec Policy Template".
2) Referencing an IPSec proposal in the IPSec policy
An IPSec proposal is referenced in an IPSec policy to specify IPSec protocol,
algorithms, and packet encapsulation mode. Before an IPSec proposal can be
referenced, it must have been created.
Perform the following configurations in IPSec policy view.
Table 7-13 Reference an IPSec proposal in the IPSec policy
Reference an IPSec proposal in the
IPSec policy.
Remove the IPSec proposal referenced
by the IPSec policy.
In the event of manually creating SA, each IPSec policy can reference only one IPSec
proposal. If an IPSec proposal has been referenced, it must be removed before the
configuration of a new IPSec proposal is allowed. At both ends of a security tunnel,
IPSec proposals referenced by the IPSec policy must adopt the same security protocol,
algorithms and packet encapsulation mode.
3) Referencing ACL in the IPSec policy
IPSec policy will reference an ACL to specify which packet needs security protection
and which does not according to the rules in this access control list. Packets permitted
by ACL will be in protection, while packets denied by ACL will not be protected.
Perform the following configuration in IPSec policy view.
Operation
Operation
3Com Corporation
7-18
Chapter 7 IPSec Configuration
Command
ipsec policy policy-name
isakmp [ template template-name ]
ipsec policy policy-name
isakmp
undo ipsec policy
[ seq-number ]
Command
proposal
[ proposal-name2... proposal-name6 ]
undo proposal
seq-number
seq-number
policy-name
proposal-name1