3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration Commands 379
Parameter
policy-name: Specifies the name of an IPsec policy group applied at the interface.
The IPsec policy group with name policy-name should be configured in system
view.
Description
Use the ipsec policy (interface view) command to apply an IPsec policy group
with the name policy-name at the interface.
Use the undo ipsec policy (interface view) command to cancel all or the specified
IPsec policy group, which disables the IPsec function of the interface.
At an interface, only one IPsec policy group can be applied. An IPsec policy group
can be applied at multiple interfaces.
When a packet is sent from an interface, the device checks it against each IPsec
policy in the IPsec policy group by number, in ascending order. If the packet
matches an access control list used by an IPsec policy, that IPsec policy is used to
process the packet; otherwise the search continues with the next IPsec policy. If
the packet does not match any of the access control lists used by the IPsec
policies, it is transmitted directly (that is, IPsec does not protect the packet).
To prevent transmitting any unencrypted packet from the interface, it is necessary
to use the firewall together with IPsec; the firewall is for dropping all the packets
that do not need to be encrypted.
Related command: ipsec policy (system view).
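The lookup described above, modelled in Python as an added example (not code from this guide). The ACL contents, addresses and the firewall flag are constructed for illustration, and ACLs are simplified to source/destination prefixes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    src: str  # source prefix (constructed sample value)
    dst: str  # destination prefix (constructed sample value)

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

@dataclass(frozen=True)
class IpsecPolicy:
    seq: int    # policy number inside the group
    acl: tuple  # AclRule entries used by this policy

def process(group, src_ip, dst_ip, firewall_drops_unmatched=False):
    """Return ('ipsec', seq), ('plaintext', None) or ('drop', None)."""
    # Policies are tried by number in ascending order; the first ACL match wins.
    for policy in sorted(group, key=lambda p: p.seq):
        if any(rule.matches(src_ip, dst_ip) for rule in policy.acl):
            return ("ipsec", policy.seq)
    # No ACL matched: IPsec does not protect the packet. Only a separate
    # firewall rule (modelled here as a flag) keeps it off the wire.
    if firewall_drops_unmatched:
        return ("drop", None)
    return ("plaintext", None)

def unprotected_flows(group, flows):
    """Audit helper: flows that would leave the interface unencrypted."""
    return [f for f in flows if process(group, *f)[0] == "plaintext"]

# Constructed policy group "pg1", deliberately listed out of order.
PG1 = [
    IpsecPolicy(20, (AclRule("10.1.5.0/24", "10.0.0.0/8"),)),
    IpsecPolicy(10, (AclRule("10.1.0.0/16", "10.2.0.0/16"),)),
]

# Constructed sample flows (source, destination).
FLOWS = [
    ("10.1.5.7", "10.2.3.4"),  # matches both ACLs; policy 10 is tried first
    ("10.1.5.7", "10.3.0.1"),  # only policy 20 matches
    ("10.1.9.9", "10.3.0.1"),  # matches nothing
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, process(PG1, *flow), process(PG1, *flow, firewall_drops_unmatched=True))
    print("sent in the clear without a firewall:", unprotected_flows(PG1, FLOWS))
```

Running the audit helper over the flows an interface is expected to carry shows which ones depend on the firewall rule rather than on an IPsec policy.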
Example
# Apply an IPsec policy group whose name is pg1 to the interface
GigabitEthernet0/0.1.
[SecBlade_VPN] interface Ethernet GigabitEthernet0/0.1
[SecBlade_VPN-GigabitEthernet0/0.1] ipsec policy pg1
ipsec policy
Syntax
ipsec policy policy-name seq-number [ manual | isakmp [ template template-name ] ]
undo ipsec policy policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name of the IPsec policy. The name is 1 to 15 characters long and
case insensitive; it can contain English characters or numbers and cannot
include "-".
seq-number: Sequence number of the IPsec policy, ranging from 1 to 10000, with a
lower value indicating higher sequence priority.
manual: Sets up SA manually.