Create an IPsec Policy
Use the following procedure to configure an IPsec policy for an IPv4 or an IPv6 interface. An IPsec policy defines the level of security for different types of traffic.
Note
- For IPv4 addresses, you can configure IPsec policies only for the UDP, TCP, and ICMPv4 protocols. You can continue to configure IPsec policies for IPv6 addresses for ICMPv6, OSPFv3, TCP, and UDP.
- If you downgrade your software, the current IPsec configurations are no longer supported. You must boot with the factory default settings for IPsec, and then reconfigure the IPsec features.
About this task
You cannot delete or modify a policy if the policy links to a security association, or if the policy links to a port or VLAN interface. If you need to modify a policy, you must first unlink the policy from the security association and from the port or VLAN interface.
Procedure
- In the navigation pane, expand .
- Select IPSec.
- Select the Policy tab.
- Select Insert.
- In the Name field, type a policy name.
- Complete the remaining optional configuration to customize the policy.
- Select Insert.
Policy field descriptions
Use the data in the following table to use the Policy tab.
Name | Description |
---|---|
Name | Specifies the IPsec policy name. |
DstAddress | Specifies the remote address. This field accepts IPv4 and IPv6 addresses, depending on the selected source address type. |
SrcAddress | Specifies the local address. The local address is optional; you can configure it to have multiple local addresses for each remote (destination) address. This field accepts IPv4 and IPv6 addresses, depending on the selected source address type. |
SrcPort | Specifies the source port for TCP and UDP. Leave this field empty to configure any port as the source port. The default value is 1. |
DstPort | Specifies the destination port for TCP and UDP. Leave this field empty to configure any port as the destination port. The default value is 1. |
AdminFlag | Enables or disables the policy. The default is disabled. |
L4Protocol | Specifies the protocol, as one of the following: IPv4 interfaces only support TCP, UDP, and ICMP. The default is TCP. |
Action | Specifies the action the policy takes. The default is to permit the packet. |