ipsec policy

Syntax

• default ipsec policy WORD<1-32>

• ipsec policy WORD<1-32>

• ipsec policy WORD<1-32> action drop

• ipsec policy WORD<1-32> action permit

• ipsec policy WORD<1-32> laddr WORD<1-32>

• ipsec policy WORD<1-32> protocol icmp

• ipsec policy WORD<1-32> protocol icmpv6

• ipsec policy WORD<1-32> protocol ospfv3

• ipsec policy WORD<1-32> protocol tcp sport <1-65535> dport <1-65535>

• ipsec policy WORD<1-32> protocol tcp sport <1-65535> dport any

• ipsec policy WORD<1-32> protocol udp

• ipsec policy WORD<1-32> protocol udp sport <1-65535> dport <1-65535>

• ipsec policy WORD<1-32> protocol udp sport <1-65535> dport any

• ipsec policy WORD<1-32> raddr WORD<1-32>

• no ipsec policy WORD<1-32>

Command Parameters

action <drop|permit>

Specifies the action the policy takes. The default is permit.

dport<1-65535|<any>

Specifies the destination port for TCP and UDP. You can specify any port as the destination port. The default is any.

laddr WORD<1-32>

Specifies the local address. This field is optional. laddr is an optional parameter that allows you to have multiple local addresses for each remote address. If you do not configure this parameter, then the IPv6 address 0::0 is the default, which configures this parameter to any address.

protocol <icmp|icmpv6|ospfv3|tcp|udp>

Specifies the protocol. The default is TCP.

raddr WORD<1-32>

Specifies the remote address. Use the address 0::0 to configure raddr to any, which allows the parameter to act as a wildcard entry with any destination acceptable.

sport <1-65535>

Specifies the source port for TCP and UDP.

WORD<1–32>

Specifies the policy ID

Default

The default is disabled.

Command Mode

Global Configuration