Applying an IPsec policy to an interface

Restrictions and guidelines

You can apply an IPsec policy to interfaces to protect data flows.

To cancel the IPsec protection, remove the application of the IPsec policy.

Procedure

  1. Enter system view.

    system-view

  2. Enter interface view.

    interface interface-type interface-number

  3. Apply an IPsec policy to the interface.

    ipsec apply { ipv6-policy | policy } policy-name

    By default, no IPsec policy is applied to an interface.

    On one interface, you can apply only one IPv4 IPsec policy and one IPv6 IPsec policy.

  4. Specify a traffic processing slot for the interface.

    service slot slot-number

    By default, no traffic processing slot is specified for an interface. Traffic on an interface is processed on the slot at which the traffic arrives.

    This step is required when the following conditions are met:

    • An IKE-based IPsec policy is applied to a global logical interface, such as VLAN interface and tunnel interface.

    • The IPsec anti-replay feature is globally enabled.