ACL-based IPsec configuration task list

The following is the generic configuration procedure for implementing ACL-based IPsec:

  • Configure ACLs for identifying data flows to be protected.

  • Configure IPsec proposals to specify the security protocols, authentication and encryption algorithms, and encapsulation mode.

  • Configure IPsec policies to associate data flows with IPsec proposals and specify the SA negotiation mode, the peer IP addresses (the start and end points of the IPsec tunnel), the required keys, and the SA lifetime.

  • Apply the IPsec policies to interfaces to finish IPsec configuration.

To configure ACL-based IPsec:
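The four objects in the task list above and how they reference one another, as a small Python model added here for illustration (it is not device configuration and not part of the original guide). The class and function names, the interface name, the addresses and algorithm labels are constructed; that entries are tried in ascending sequence number and that unmatched traffic leaves the interface unprotected are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Flow:                 # step 1: one permit rule of the ACL (a data flow to protect)
    src: str
    src_wildcard: str       # wildcard mask: set bits are "don't care"
    dst: str
    dst_wildcard: str

@dataclass
class Proposal:             # step 2: security protocol, algorithms, encapsulation mode
    name: str
    protocol: str
    encryption: str
    authentication: str
    mode: str

@dataclass
class PolicyEntry:          # step 3: ties an ACL to a proposal and a tunnel peer
    seq: int
    acl: list
    proposal: Proposal
    peer: str

def _match(addr, net, wildcard):
    """True if addr equals net on every bit the wildcard mask does not ignore."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a | w) == (n | w)

def outbound_decision(applied, ifname, src, dst):
    """Return (action, peer, proposal name) for a packet leaving ifname."""
    # Assumption: entries are evaluated in ascending sequence number.
    for entry in sorted(applied.get(ifname, []), key=lambda e: e.seq):
        for f in entry.acl:
            if _match(src, f.src, f.src_wildcard) and _match(dst, f.dst, f.dst_wildcard):
                return ("protect", entry.peer, entry.proposal.name)
    # Assumption: traffic matching no ACL rule is forwarded without IPsec.
    return ("cleartext", None, None)

# Constructed sample data (documentation address ranges, hypothetical names).
PROP1 = Proposal("prop1", "esp", "aes-cbc-128", "hmac-sha256", "tunnel")
APPLIED = {                 # step 4: policy entries applied to an interface
    "wan0": [
        PolicyEntry(20, [Flow("10.1.0.0", "0.0.255.255", "10.2.0.0", "0.0.255.255")],
                    PROP1, "203.0.113.3"),
        PolicyEntry(10, [Flow("10.1.1.0", "0.0.0.255", "10.2.0.0", "0.0.255.255")],
                    PROP1, "198.51.100.2"),
    ],
}
```

Running the flows you expect to be protected through a model like this before deployment shows which of them would leave the interface outside the tunnel.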