Applying an IPsec policy to an interface
Restrictions and guidelines
You can apply an IPsec policy to interfaces to protect data flows.
An IKE-based IPsec policy can be applied to multiple interfaces. As a best practice, apply an IKE-based IPsec policy to only one interface.
A manual IPsec policy can be applied to only one interface.
To cancel the IPsec protection, remove the application of the IPsec policy.
Procedure
Enter system view.
system-view
Enter interface view.
interface interface-type interface-number
Apply an IPsec policy to the interface.
ipsec apply { ipv6-policy | policy } policy-name
By default, no IPsec policy is applied to an interface.
On one interface, you can apply only one IPv4 IPsec policy and one IPv6 IPsec policy.
Specify a traffic processing slot for the interface.
service slot slot-number
By default, no traffic processing slot is specified for an interface. Traffic on an interface is processed on the slot at which the traffic arrives.
This step is required when the following conditions are met:
An IKE-based IPsec policy is applied to a global logical interface, such as VLAN interface and tunnel interface.
The IPsec anti-replay feature is globally enabled.