ipsec policy-template

Function

The ipsec policy-template command creates an IPSec policy template and enters the corresponding view.

The undo ipsec policy-template command deletes an IPSec policy template.

By default, no IPSec policy template is created.

This command is supported only on the NetEngine 8000 F1A.

Format

ipsec policy-template template-name seq-number

undo ipsec policy-template template-name [ seq-number ]

Parameters

Parameter | Description | Value
template-name | Indicates the name of the policy template. | It is a string of 1 to 15 case-sensitive characters.
seq-number | Indicates the sequence number of the IPSec policy. | It is an integer that ranges from 1 to 10000. A smaller value has a higher priority. It is recommended to set only one sequence number.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
ike | write

Usage Guidelines

Usage Scenario

Some factors cannot be determined in advance in actual IPSec networking. For example, if the network has mobile business users, the IP address allocated to a user may be different upon each dial-up. As a result, the addresses of the endpoints of an IPSec tunnel and the data flows to be protected cannot be determined in advance, which makes IPSec deployment difficult.

In this case, you can configure an IPSec policy template at the receiving end of the IPSec tunnel. An IPSec policy template is a policy in which only certain parameters are configured. For the parameters that are not configured, the corresponding parameters of the initiator are adopted.

By specifying template-name in the ipsec policy policy-name seq-number isakmp template template-name command, you can use the specified template to create IPSec policies.

The parameters that can be configured in an IPSec policy template are the same as those used for configuring an IPSec policy in the IPSec ISAKMP negotiation mode: the referenced IPSec proposal, the protected data flow, PFS, duration, and IKE peer. Of these, acl, proposal and IKE-peer are mandatory, and the others are optional. When the IPSec policy template is used for matching policies, all the parameters configured in the template must match during the IKE negotiation, while the other parameters follow those configured by the initiator.
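The matching rule above has a practical consequence: any optional parameter left out of the template is decided by the initiator. The following Python model is an added example (not Huawei code and not part of the original page) that shows this for PFS. It assumes parameters are opaque values compared for equality, which simplifies real IKE negotiation, and all names and values in it are hypothetical.

```python
from dataclasses import dataclass, field

MANDATORY = ("acl", "proposal", "ike_peer")  # mandatory according to the page
OPTIONAL = ("pfs", "duration")               # optional according to the page


@dataclass
class PolicyTemplate:
    name: str
    seq: int
    params: dict = field(default_factory=dict)  # explicitly configured values only

    def validate(self):
        """Return the problems found, using the ranges stated on the page."""
        problems = []
        if not 1 <= len(self.name) <= 15:
            problems.append("template-name must be 1 to 15 characters")
        if not 1 <= self.seq <= 10000:
            problems.append("seq-number must be 1 to 10000")
        problems += [f"missing mandatory parameter: {p}"
                     for p in MANDATORY if p not in self.params]
        return problems

    def unpinned(self):
        """Optional parameters the initiator is free to choose."""
        return [p for p in OPTIONAL if p not in self.params]


def negotiate(templates, offer):
    """Try entries in ascending seq-number order (smaller = higher priority).
    Configured parameters must equal the initiator's values; unconfigured ones
    are adopted from the initiator. Returns (seq, effective parameters) for the
    first match, or None when no entry matches.
    """
    for t in sorted(templates, key=lambda t: t.seq):
        if t.validate():
            continue  # an incomplete entry is never used for matching
        if all(offer.get(k) == v for k, v in t.params.items()):
            return t.seq, {**offer, **t.params}
    return None


# Constructed sample data: every name and value below is hypothetical.
BASE = {"acl": "3000", "proposal": "prop1", "ike_peer": "peer1"}
loose = PolicyTemplate("policy1", 1, dict(BASE))
strict = PolicyTemplate("policy1", 1, {**BASE, "pfs": "dh-group14"})
offer_no_pfs = {**BASE, "pfs": None, "duration": 3600}
offer_pfs = {**BASE, "pfs": "dh-group14", "duration": 3600}
```

Calling negotiate([loose], offer_no_pfs) yields a match with PFS disabled, while negotiate([strict], offer_no_pfs) returns None, so unpinned() is a quick way to list what a template leaves to the initiator.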

Precautions

If GRE and IPsec are configured on the same tunnel interface, no security policy template can be configured for IPsec.

Example

# Create an IPSec policy template with the name policy1 and the sequence number 1.
<HUAWEI> system-view
[~HUAWEI] ipsec policy-template policy1 1
[*HUAWEI-ipsec-policy-templet-policy1-1]
Copyright © Huawei Technologies Co., Ltd.