3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration Commands 381
Example
# Set an IPsec policy whose name is newpolicy1, sequence number is 100, and
negotiation mode is isakmp.
[SecBlade_VPN] ipsec policy newpolicy1 100 isakmp
[SecBlade_VPN-ipsec-policy-isakmp-newpolicy1-100]
ipsec policy-template Syntax
ipsec policy-template template-name seq-number
undo ipsec policy-template template-name [ seq-number ]
View
System view
Parameter
template-name: Name of the IPsec policy template, an alphanumeric string of 1 to
15 characters, case insensitive, excluding minus signs (-).
seq-number: Number of the IPsec policy template, in the range 1 to 10000. In one
IPsec policy template group, the smaller the serial number of an IPsec policy
template, the higher its preference.
Description
Use the ipsec policy-template command to establish or modify an IPsec policy
template, and enter IPsec policy template view.
Use the undo ipsec policy-template template-name command to delete the
IPsec policy template group named template-name.
Use the undo ipsec policy-template template-name seq-number command to
delete the IPsec policy template with the name of template-name and the serial
number of seq-number.
By default, no IPsec policy template exists.
A policy template that has been created with the name of template-name can be
referenced by the ipsec policy policy-name seq-number isakmp template
template-name command to create an IPsec policy.
The IPsec policy template and the IPsec policy of IPsec IPSAMP negotiation share
the same kinds of arguments, including the referenced IPsec proposal, the
protected traffic, PFS feature, lifetime, and the address of the remote tunnel end.
However, you should note that the proposal argument is compulsory to be
configured whereas other arguments are optional. If an IPsec policy template is
used for the policy match operation undertaken in an IKE negotiation, the
configured arguments must be matched, and the settings of the initiator will be
used if the corresponding arguments have not been configured.
Related command: ipsec policy, security acl, tunnel local, tunnel remote,
proposal, display ipsec policy, ike-peer.