ipsec policy (system view)

Syntax

ipsec policy policy-name seq-number [ isakmp | manual ]

undo ipsec policy policy-name [ seq-number ]

View

System view

Default level

2: System level

Parameters

policy-name: Name for the IPsec policy, a case-insensitive string of 1 to 15 characters, including letters and digits. No minus sign (-) can be included.

seq-number: Sequence number for the IPsec policy, in the range of 1 to 65535.

isakmp: Sets up SAs through IKE negotiation.

manual: Sets up SAs manually.

Description

Use the ipsec policy command to create an IPsec policy and enter its view.

Use the undo ipsec policy command to delete the specified IPsec policies.

By default, no IPsec policy exists.

When creating an IPsec policy, you must specify the generation mode.

You cannot change the generation mode of an existing IPsec policy; you can only delete the policy and then re-create it with the new mode.

IPsec policies with the same name constitute an IPsec policy group. An IPsec policy is identified uniquely by its name and sequence number. In an IPsec policy group, an IPsec policy with a smaller sequence number has a higher priority.

The undo ipsec policy command without the seq-number argument deletes an IPsec policy group.

Related commands: ipsec policy (interface view) and display ipsec policy.

Examples

# Create an IPsec policy named policy1 with sequence number 100, and set up its SAs through IKE negotiation.

<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]

# Create an IPsec policy named policy1 with sequence number 101, and specify the manual mode for it.

<Sysname> system-view
[Sysname] ipsec policy policy1 101 manual
[Sysname-ipsec-policy-manual-policy1-101]
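
# The following Python model is an added example, not vendor or device code. It replays ipsec policy and undo ipsec policy lines offline to check a planned change against the rules in the Description: argument limits, fixed generation mode, group priority, and group deletion. The names IpsecPolicyTable, PolicyError, apply, by_priority and SAMPLE are hypothetical, and the error conditions are this model's assumption about how rejected input is reported.

```python
class PolicyError(ValueError):
    """A command that the rules described on this page would reject."""

class IpsecPolicyTable:
    """Offline model of the documented behaviour; not device or vendor code."""

    def __init__(self):
        self.policies = {}  # (lower-cased policy-name, seq-number) -> mode

    @staticmethod
    def _key(name, seq):
        # Enforces only the explicit limits: 1-15 characters, no '-', 1-65535.
        if not 1 <= len(name) <= 15 or "-" in name:
            raise PolicyError(f"invalid policy-name {name!r}")
        if not (seq.isascii() and seq.isdigit() and 1 <= int(seq) <= 65535):
            raise PolicyError(f"invalid seq-number {seq!r}")
        return name.lower(), int(seq)  # names are case-insensitive

    def apply(self, line):
        """Apply one command; return (name, seq, mode), or None after an undo."""
        tok = line.split()
        undo = tok[:1] == ["undo"]
        tok = tok[1:] if undo else tok
        lo, hi = (3, 4) if undo else (4, 5)
        if tok[:2] != ["ipsec", "policy"] or not lo <= len(tok) <= hi:
            raise PolicyError(f"unrecognized command {line!r}")
        if undo and len(tok) == 3:  # no seq-number: delete the whole group
            group = tok[2].lower()
            self.policies = {k: m for k, m in self.policies.items() if k[0] != group}
            return None
        key = self._key(tok[2], tok[3])
        if undo:
            self.policies.pop(key, None)
            return None
        current = self.policies.get(key)
        mode = tok[4] if len(tok) == 5 else current  # mode may be omitted on re-entry
        if mode not in ("isakmp", "manual"):
            raise PolicyError("mode must be isakmp or manual (required when creating)")
        if current not in (None, mode):
            raise PolicyError("mode is fixed; delete and re-create the policy")
        self.policies[key] = mode
        return (*key, mode)

    def by_priority(self, name):
        """Policies of one group, highest priority (smallest seq) first."""
        return sorted((s, m) for (n, s), m in self.policies.items() if n == name.lower())

# Constructed sample input, not taken from a real device.
SAMPLE = ["ipsec policy policy1 100 isakmp", "ipsec policy policy1 101 manual",
          "ipsec policy POLICY1 20 isakmp"]
```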