R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
85
manual: Sets up SAs manually.
Description
Use ipsec policy to create an IPsec policy and enter its view.
Use undo ipsec policy to delete the specified IPsec policies.
By default, no IPsec policy exists.
When creating an IPsec policy, you must specify the generation mode.
You cannot change the generation mode of an existing IPsec policy; you can only delete the policy and
then re-create it with the new mode.
IPsec policies with the same name constitute an IPsec policy group. An IPsec policy is identified uniquely
by its name and sequence number. In an IPsec policy group, an IPsec policy with a smaller sequence
number has a higher priority.
The undo ipsec policy command without the seq-number argument deletes an IPsec policy group.
Related commands: ipsec policy (interface view) and display ipsec policy.
Examples
# Create an IPsec policy with the name policy1 and sequence number 100, and specify to set up SAs
through IKE negotiation.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]
# Create an IPsec policy with the name policy1 and specify the manual mode for it.
<Sysname> system-view
[Sysname] ipsec policy policy1 101 manual
[Sysname-ipsec-policy-manual-policy1-101]
ipsec policy isakmp template
Syntax
ipsec policy policy-name seq-number isakmp template template-name
undo ipsec policy policy-name [ seq-number ]
View
System view
Default level
2: System level
Parameters
policy-name: Name for the IPsec policy, a case-insensitive string of 1 to 15 characters. No minus sign (-)
can be included.
seq-number: Sequence number for the IPsec policy, in the range of 1 to 65535.
isakmp template template-name: Name of the IPsec policy template to be referenced.
Description
Use ipsec policy isakmp template to create an IPsec policy by referencing an existing IPsec policy
template, so that IKE can use the IPsec policy for SA negotiation.