4000 Router Series Security Command Reference

221

ipsec apply

Use ipsec apply to apply an IPsec policy to an interface.

Use undo ipsec apply to remove the application.

Syntax

ipsec apply { ipv6-policy | policy } policy-name

undo ipsec apply { ipv6-policy | policy }

Default

No IPsec policy is applied to an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-policy: Specifies an IPv6 IPsec policy.

policy: Specifies an IPv4 IPsec policy.

policy-name: Name of an IPsec policy, a case-sensitive string of 1 to 63 characters.

Usage guidelines

On an interface, you can apply only one IPsec policy. To apply a new IPsec policy to the interface, you

must first remove the IPsec policy that is already applied to the interface.

An IKE-based IPsec policy can be applied to multiple interfaces. A manual IPsec policy can be applied

to only one interface.

Examples

# Apply the IPsec policy policy1 to interface Ethernet 1/2.

<Sysname> system-view

[Sysname] interface ethernet 1/2

[Sysname-Ethernet1/2] ipsec apply policy policy1

Related commands

• display ipsec { ipv6-policy | policy }

• ipsec { ipv6-policy | policy }

ipsec decrypt-check enable

Use ipsec decrypt-check enable to enable ACL checking for de-encapsulated IPsec packets.

Use undo ipsec decrypt-check to disable ACL checking for de-encapsulated IPsec packets.

Syntax

ipsec decrypt-check enable

undo ipsec decrypt-check enable