Applying an IKE-based IPsec profile to a tunnel interface
After an IKE-based IPsec profile is applied to a tunnel interface, the peers negotiate an IPsec tunnel through IKE to protect data transmitted through the tunnel interface. The tunnel interface becomes up after IKE negotiation succeeds.
IKE-based IPsec profiles can be applied only to ADVPN and IPsec tunnel interfaces.
To apply an IKE-based IPsec profile to an ADVPN tunnel interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an ADVPN tunnel interface and enter tunnel interface view. | interface tunnel number mode advpn { gre | udp } [ ipv6 ] | By default, no tunnel interface exists on the device. |
3. Apply an IKE-based IPsec profile to the tunnel interface. | tunnel protection ipsec profile profile-name | By default, no IPsec profile is applied to the tunnel interface. |
To apply an IKE-based IPsec profile to an IPsec tunnel interface:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an IPsec tunnel interface and enter tunnel interface view. | interface tunnel number mode ipsec [ ipv6 ] | By default, no tunnel interface exists on the device. |
3. Apply an IKE-based IPsec profile to the tunnel interface. | tunnel protection ipsec profile profile-name | By default, no IPsec profile is applied to the tunnel interface. |