Enabling an IPsec policy
Use the following procedure to enable an IPsec policy. An IPsec policy defines the level of security for different types of traffic.
Note
If you downgrade your software, the current IPsec configurations are no longer supported. You must boot with the factory default settings for IPsec, and then reconfigure the IPsec features.
Before you begin
Create an IPsec policy.
About this task
The IPsec feature adds policies only if the admin status of the policy and the IPsec status on the interface are enabled.
If you disable the IPsec policy on an IPv4 or IPv6 interface, IPsec removes the policy-related information from the security policy database (SPD) and the security association database (SADB), but the information remains on the system. After you re-enable, the information reapplies on the interface.
Procedure
Example
Enable an IPsec policy named newpolicy:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#ipsec policy newpolicy admin enable
Variable Definitions
The following table defines parameters for the ipsec policy command.
Variable |
Value |
---|---|
admin enable |
Enables the policy. |
WORD<1–32> |
Specifies the IPsec policy name. |