Enabling an IPsec policy

Use the following procedure to enable an IPsec policy. An IPsec policy defines the level of security for different types of traffic.

Note

Note

If you downgrade your software, the current IPsec configurations are no longer supported. You must boot with the factory default settings for IPsec, and then reconfigure the IPsec features.

Before you begin

  • Create an IPsec policy.

About this task

The IPsec feature adds policies only if the admin status of the policy and the IPsec status on the interface are enabled.

If you disable the IPsec policy on an IPv4 or IPv6 interface, IPsec removes the policy-related information from the security policy database (SPD) and the security association database (SADB), but the information remains on the system. After you re-enable, the information reapplies on the interface.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable an IPsec policy:

    ipsec policy WORD<1–32> admin enable

  3. Optional: Disable an IPsec policy:

    no ipsec policy WORD<1–32> admin enable

Example

Enable an IPsec policy named newpolicy:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#ipsec policy newpolicy admin enable

Variable Definitions

The following table defines parameters for the ipsec policy command.

Variable

Value

admin enable

Enables the policy.

WORD<1–32>

Specifies the IPsec policy name.