Link an IPsec Policy to an Interface

Use the following procedure to link an IPsec policy to an interface and configure the policy direction. By default, the policy applies to both directions.

About this task

You cannot delete or modify an IPsec policy while it is linked to a port or VLAN interface. If you need to modify the policy, first unlink the policy from the port or VLAN interface.

Before you begin

  • Enable IPsec on the interface before you link the IPsec policy to the interface.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click IPSec.
  3. Click the Interface Policy tab.
  4. Click Insert.
  5. In the Name field, type the name of the IPsec policy.
  6. In the IfIndex field, click either Port, Vlan, or Mgmt Port, and then select an interface.
    Note

    The system displays the Mgmt Port button only for hardware with a dedicated, physical management interface. If you click this button, EDM automatically populates the IfIndex value.

  7. Click Okay.
  8. Complete the remaining optional configuration.
  9. Click Insert.

Interface Policy field descriptions

Use the data in the following table to use the Interface Policy tab.

| Name | Description |
|---|---|
| Name | Specifies the IPsec policy name. |
| IfIndex | Links a policy to either a port, VLAN, loopback, or management interface. |
| IfEnabled | Shows whether IPsec is enabled on the interface and whether the administrative state of the policy is enabled. |
| IfDirection | Specifies the direction you want to protect with IPsec: inbound (ingress traffic), outbound (egress traffic), or bothDirections (both ingress and egress traffic). The default is bothDirections. |