Link an IPsec Policy to an Interface

Use the following procedure to link an IPsec policy to an interface, and configure a policy direction. By default, the direction is both.

Before you begin

  • You must enable IPsec on the interface before you link the IPsec policy to the interface.

About this task

You cannot delete or modify an IPsec policy while the policy is linked to a port or VLAN interface. If you need to modify the policy, first unlink the policy from the port or VLAN interface.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Select IPSec.
  3. Select the Interface Policy tab.
  4. Select Insert.
  5. In the Name field, type the name of the IPsec policy.
  6. In the IfIndex field, select either Port, Vlan, or Mgmt Port, and then select an interface.
    Note

    The system displays the Mgmt Port button only for hardware with a dedicated, physical management interface. If you click this button, EDM automatically populates the IfIndex value.

  7. Select Okay.
  8. Complete the remaining optional configuration.
  9. Select Insert.

Interface Policy Field Descriptions

Use the data in the following table to configure the fields on the Interface Policy tab.

Name           Description
-------------  ------------------------------------------------------------
Name           Specifies the IPsec policy name.
IfIndex        Links a policy to an interface.
IfEnabled      Shows whether IPsec is enabled on the interface and whether
               the administrative state of the policy is enabled.
IfDirection    Specifies the direction you want to protect with IPsec:
                 • inbound—Specifies ingress traffic.
                 • outbound—Specifies egress traffic.
                 • bothDirections—Specifies both ingress and egress traffic.
               The default is bothDirections.