Filter
Top Products
2136 CHAPTER 140: IPSEC CONFIGURATION COMMANDS
<Sysname> system-view
[Sysname] interface serial 2/2
[Sysname-Serial2/2] ipsec policy pg1
ipsec policy (system view)
Syntax ipsec policy policy-name seq-number [ isakmp | manual ]
undo ipsec policy policy-name [ seq-number ]
View System view
Parameter policy-name: Name for the IPSec policy, a case insensitive string of 1 to 15
characters. Valid characters are English letters and numbers. No minus sign (-) can
be included.
seq-number: Sequence number for the IPSec policy, in the range 1 to 10000.
isakmp: Sets up SAs through IKE negotiation.
manual: Sets up SAs manually.
Description Use the
ipsec policy command to create an IPSec policy and enter its view.
Use the
undo ipsec policy command to delete the specified IPSec policies.
By default, no IPSec policy exists.
Note that:
■ When creating an IPSec policy, the generation mode will be manual if you do
not specify it.
■ You cannot change the generation mode of an existing IPSec policy; you can
only delete the policy and then re-create it with the new mode.
■ IPSec policies with the same name constitute an IPsec policy group. An IPSec
policy is identified uniquely by its name and sequence number. In an IPSec
policy group, an IPSec policy with a smaller sequence number has a higher
priority.
■ Using the undo ipsec policy command without the seq-number argument
deletes an IPSec policy group.
Related command: ipsec policy (interface view), display ipsec policy.
Example # Create an IPSec policy with the name policy1 and sequence number 100.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]