3com MSR 20-20 참조 매뉴얼
2136
C
HAPTER
140: IPS
EC
C
ONFIGURATION
C
OMMANDS
<Sysname> system-view
[Sysname] interface serial 2/2
[Sysname-Serial2/2] ipsec policy pg1
ipsec policy (system view)
Syntax
ipsec policy policy-name seq-number [ isakmp | manual ]
undo ipsec policy policy-name [ seq-number ]
View
System view
Parameter
policy-name: Name for the IPSec policy, a case insensitive string of 1 to 15
characters. Valid characters are English letters and numbers. No minus sign (-) can
be included.
characters. Valid characters are English letters and numbers. No minus sign (-) can
be included.
seq-number: Sequence number for the IPSec policy, in the range 1 to 10000.
isakmp: Sets up SAs through IKE negotiation.
manual: Sets up SAs manually.
Description
Use the ipsec policy command to create an IPSec policy and enter its view.
Use the undo ipsec policy command to delete the specified IPSec policies.
By default, no IPSec policy exists.
Note that:
■
When creating an IPSec policy, the generation mode will be manual if you do
not specify it.
not specify it.
■
You cannot change the generation mode of an existing IPSec policy; you can
only delete the policy and then re-create it with the new mode.
only delete the policy and then re-create it with the new mode.
■
IPSec policies with the same name constitute an IPsec policy group. An IPSec
policy is identified uniquely by its name and sequence number. In an IPSec
policy group, an IPSec policy with a smaller sequence number has a higher
priority.
policy is identified uniquely by its name and sequence number. In an IPSec
policy group, an IPSec policy with a smaller sequence number has a higher
priority.
■
Using the undo ipsec policy command without the seq-number argument
deletes an IPSec policy group.
deletes an IPSec policy group.
Related command:
Example
# Create an IPSec policy with the name policy1 and sequence number 100.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100]