ipsec { ipv6-policy | policy } isakmp template

Use ipsec { ipv6-policy | policy } isakmp template to create an IKE-based IPsec policy entry by using an IPsec policy template.

Use undo ipsec { ipv6-policy | policy } to delete an IPsec policy.

Syntax

ipsec { ipv6-policy | policy } policy-name seq-number isakmp template template-name

undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]

Default

No IPsec policies exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv6-policy: Specifies an IPv6 IPsec policy.

policy: Specifies an IPv4 IPsec policy.

policy-name: Specifies a name for the IPsec policy, a case-insensitive string of 1 to 63 characters.

seq-number: Specifies a sequence number for the IPsec policy, in the range of 1 to 65535. A smaller number indicates a higher priority.

isakmp template template-name: Specifies an IPsec policy template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you specify the seq-number argument, the undo command deletes the specified IPsec policy entry. If you do not specify this argument, the undo command deletes the specified IPsec policy.

An interface applied with an IPsec policy that is configured by using an IPsec policy template cannot initiate an SA negotiation, but it can respond to a negotiation request. The parameters not defined in the template are determined by the initiator. When the remote end's information (such as the IP address) is unknown, this method allows the remote end to initiate negotiations with the local end.

Examples

# Create an IPsec policy entry by using IPsec policy template temp1, and specify the IPsec policy name as policy2 and the sequence number as 200.

<Sysname> system-view
[Sysname] ipsec policy policy2 200 isakmp template temp1

Related commands

display ipsec { ipv6-policy | policy }

ipsec { ipv6-policy-template | policy-template }