R21xx-HP FlexFabric 11900 Security Command Reference

An IPsec policy is a set of IPsec policy entries that have the same name but different sequence
numbers. In the same IPsec policy, an IPsec policy entry with a smaller sequence number has a
higher priority.
With the seq-number argument specified, the undo command deletes the specified IPsec policy
entry. Without this argument, the undo command deletes all entries of the specified IPsec policy.
An IPv4 IPsec policy and an IPv6 IPsec policy can have the same name.
Examples
# Create an IPsec policy entry named policy1 with sequence number 100 and IKE as the IPsec SA
setup mode, and enter IPsec policy view.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]
# Create an IPsec policy entry named policy1 with sequence number 101 and manual as the IPsec SA
setup mode, and enter IPsec policy view.
<Sysname> system-view
[Sysname] ipsec policy policy1 101 manual
[Sysname-ipsec-policy-manual-policy1-101]
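The usage guidelines above (entries grouped by name, priority by sequence number, the two forms of undo, and separate IPv4 and IPv6 policies) can be replayed offline when reviewing a saved configuration. The following Python is an added example, not HP code. Assumptions: the grammar is taken from the Syntax lines on this page, the sample commands and the template name tmpl1 are constructed, and re-creating an existing entry is modelled as an overwrite.

```python
import re

# Grammar follows the Syntax lines on this page (isakmp, manual, isakmp template).
CMD = re.compile(
    r"^(?P<undo>undo\s+)?ipsec\s+(?P<fam>ipv6-policy|policy)\s+(?P<name>\S+)"
    r"(?:\s+(?P<seq>\d+))?(?:\s+(?P<mode>isakmp(?:\s+template\s+\S+)?|manual))?$"
)

# Constructed sample input; tmpl1 is a hypothetical template name.
SAMPLE = [
    "ipsec policy policy1 100 isakmp",
    "ipsec policy policy1 101 manual",
    "ipsec policy policy1 50 isakmp template tmpl1",
    "ipsec ipv6-policy policy1 10 isakmp",
    "undo ipsec policy policy1 101",
]

def apply_commands(lines):
    """Replay commands in order; return {(family, name): {seq: mode}}."""
    table = {}
    for raw in lines:
        m = CMD.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognized command: {raw!r}")
        if not 1 <= len(m["name"]) <= 63:
            raise ValueError("policy-name must be 1 to 63 characters")
        seq = int(m["seq"]) if m["seq"] else None
        if seq is not None and not 1 <= seq <= 65535:
            raise ValueError("seq-number must be in the range 1 to 65535")
        key = (m["fam"], m["name"])  # case-sensitive name; IPv4/IPv6 kept apart
        if m["undo"]:
            if seq is None:
                table.pop(key, None)               # no seq-number: delete all entries
            else:
                table.get(key, {}).pop(seq, None)  # seq-number: delete that entry only
        elif seq is None or m["mode"] is None:
            raise ValueError("creating an entry needs a seq-number and a mode")
        else:
            # Assumption: re-creating an existing entry overwrites it in this model.
            table.setdefault(key, {})[seq] = m["mode"]
    return {k: v for k, v in table.items() if v}

def priority_order(table, family, name):
    """Entries of one policy, highest priority (smallest seq-number) first."""
    return sorted(table.get((family, name), {}).items())

if __name__ == "__main__":
    print(priority_order(apply_commands(SAMPLE), "policy", "policy1"))
```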
Related commands
display ipsec { ipv6-policy | policy }
ipsec apply

ipsec { ipv6-policy | policy } isakmp template
Use ipsec { ipv6-policy | policy } isakmp template to create an IKE-based IPsec policy by referencing an
IPsec policy template.
Use undo ipsec { ipv6-policy | policy } to delete the specified IPsec policy.
Syntax
ipsec { ipv6-policy | policy } policy-name seq-number isakmp template template-name
undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]
Default
No IPsec policy is created.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-policy: Specifies an IPv6 IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Specifies a name for the IPsec policy, a case-sensitive string of 1 to 63 characters.
seq-number: Specifies a sequence number for the IPsec policy, in the range of 1 to 65535. A smaller
number indicates a higher priority.