Linking the IPsec security association to an IPsec policy

Use the following procedure to link the security association to an IPsec policy.

Before you begin

  • The IPsec security association and IPsec policy must exist.

About this task

You cannot delete or modify a security association while it is linked to a policy. To modify a parameter in the security association, or to delete the security association, you must first unlink the security association from the policy. You can unlink a security association from a policy only if the policy is not linked to an interface. If the policy is linked to an interface, you must first unlink the policy from the interface, and then unlink the security association from the policy.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Link the IPsec security association to the IPsec policy:

    ipsec policy WORD<1–32> security-association WORD<1–32>

  3. Optional: Unlink the IPsec security association from the IPsec policy:

    no ipsec policy WORD<1–32> security-association WORD<1–32>
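
The unlink ordering described under "About this task" can be checked before a change window. The following Python sketch is an added example, not vendor code: it models which policies link to which security associations and interfaces, and returns the ordered steps that free a security association for modification. The class and method names, the sample names, and the interface IDs are assumptions, and the interface unlink step is shown as a placeholder because that command is not given on this page.

```python
# Added illustration: models the unlink ordering rule; not vendor code.
from dataclasses import dataclass, field

@dataclass
class IpsecConfig:
    # policy name -> set of security associations linked to it
    policy_sas: dict = field(default_factory=dict)
    # policy name -> set of interfaces the policy is linked to
    policy_ifs: dict = field(default_factory=dict)

    def sa_is_locked(self, sa):
        """An SA cannot be modified or deleted while any policy links to it."""
        return any(sa in sas for sas in self.policy_sas.values())

    def unlink_plan(self, sa):
        """Ordered steps that free `sa` for modification or deletion."""
        steps = []
        for policy in sorted(p for p, sas in self.policy_sas.items() if sa in sas):
            # The policy must leave every interface before it can release the SA.
            for ifname in sorted(self.policy_ifs.get(policy, ())):
                # Placeholder: the interface unlink command is not on this page.
                steps.append(f"<unlink policy {policy} from interface {ifname}>")
            steps.append(f"no ipsec policy {policy} security-association {sa}")
        return steps

    def apply_unlink(self, policy, sa):
        """Enforce the rule: refuse while the policy still links to an interface."""
        if self.policy_ifs.get(policy):
            raise ValueError(f"policy {policy} still links to an interface")
        self.policy_sas[policy].discard(sa)

# Constructed sample state: names and interface IDs are hypothetical.
cfg = IpsecConfig(
    policy_sas={"newpolicy": {"newsa"}, "otherpolicy": {"othersa"}},
    policy_ifs={"newpolicy": {"1/1", "1/2"}},
)

if __name__ == "__main__":
    for step in cfg.unlink_plan("newsa"):
        print(step)
```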

Example

Link the IPsec security association named newsa to the IPsec policy named newpolicy:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#ipsec policy newpolicy security-association newsa

Variable Definitions

The following table defines parameters for the ipsec policy command.

Variable                           Value

WORD<1–32>                         Specifies the policy ID.

security-association WORD<1–32>    Specifies the security association ID.