ipsec { ipv6-policy | policy } isakmp template
Use ipsec { ipv6-policy | policy } isakmp template to create an IKE-based IPsec policy entry by using an IPsec policy template.
Use undo ipsec { ipv6-policy | policy } to delete an IPsec policy.
Syntax
ipsec { ipv6-policy | policy } policy-name seq-number isakmp template template-name
undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]
Default
No IPsec policies exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6-policy: Specifies an IPv6 IPsec policy.
policy: Specifies an IPv4 IPsec policy.
policy-name: Specifies a name for the IPsec policy, a case-insensitive string of 1 to 63 characters.
seq-number: Specifies a sequence number for the IPsec policy, in the range of 1 to 65535. A smaller number indicates a higher priority.
isakmp template template-name: Specifies an IPsec policy template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you specify the seq-number argument, the undo command deletes the specified IPsec policy entry. If you do not specify this argument, the undo command deletes the specified IPsec policy.
An interface applied with an IPsec policy that is configured by using an IPsec policy template cannot initiate an SA negotiation, but it can respond to a negotiation request. The parameters not defined in the template are determined by the initiator. When the remote end's information (such as the IP address) is unknown, this method allows the remote end to initiate negotiations with the local end.
Examples
# Create an IPsec policy entry by using IPsec policy template temp1, and specify the IPsec policy name as policy2 and the sequence number as 200.
<Sysname> system-view [Sysname] ipsec policy policy2 200 isakmp template temp1
Related commands
display ipsec { ipv6-policy | policy }
ipsec { ipv6-policy-template | policy-template }