[x]

IPsec commands > ipsec profile

 

 Next

ipsec profile

Use ipsec profile to create an IPsec profile and enter its view, or enter the view of an existing IPsec profile.

Use undo ipsec profile to delete an IPsec profile.

Syntax

ipsec profile profile-name [ manual | isakmp ]

undo ipsec profile profile-name

Default

No IPsec profiles exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

profile-name: Specifies a name for the IPsec profile, a case-insensitive string of 1 to 63 characters.

manual: Specifies the IPsec SA setup mode as manual.

isakmp: Specifies the IPsec SA setup mode as IKE.

Usage guidelines

When you create an IPsec profile, you must specify the IPsec SA setup mode (manual or isakmp). When you enter the view of an existing IPsec profile, you do not need to specify the IPsec SA setup mode.

A manual IPsec profile is similar to a manual IPsec policy. It is used exclusively for IPsec protection for application protocols, including OSPFv3, IPv6 BGP, and RIPng.

An IKE-based IPsec profile is similar to an IKE-based IPsec policy. It uses IKE negotiation to establish IPsec SAs to protect IPv4 and IPv6 application protocols, such as ADVPN. An IKE-based IPsec profile does not require you to specify the remote end address or an ACL.

Examples

# Create a manual IPsec profile named profile1.

<Sysname> system-view
[Sysname] ipsec profile profile1 manual
[Sysname-ipsec-profile-manual-profile1]

# Create an IKE-based IPsec profile named profile1.

<Sysname> system-view
[Sysname] ipsec profile profile1 isakmp
[Sysname-ipsec-profile-isakmp-profile1]

Related commands

display ipsec profile

prev

 

up

 next

ipsec logging packet enable 

home

 ipsec redundancy enable

© Copyright 2018 Hewlett Packard Enterprise Development LP