Link an IPsec Policy to a Management Interface

Use the following procedure to link an IPsec policy to a management interface, and configure a policy direction. By default, the direction is both.
Note

This procedure applies to VSP 8600 Series only.

Before you begin

  • You must enable IPsec on the interface before you link the IPsec policy to it.

Procedure

  1. Enter mgmtEthernet Interface Configuration mode:

    enable

    configure terminal

    interface mgmtEthernet <mgmt | mgmt2>

  2. Link the IPsec policy to an IPv4 interface:

    ip ipsec policy WORD<1–32> dir <both|in|out>

  3. Link the IPsec policy to an IPv6 interface:

    ipv6 ipsec policy WORD<1–32> dir <both|in|out>

  4. Optional: Unlink the IPsec policy from an IPv4 interface:

    no ip ipsec policy WORD<1–32> dir <both|in|out>

  5. Optional: Unlink the IPsec policy from an IPv6 interface:

    no ipv6 ipsec policy WORD<1–32> dir <both|in|out>

Example

Link the IPsec policy for IPv4 to the management interface:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface mgmtEthernet mgmt
Switch:1(config-if)#ip ipsec policy newpolicy dir both

Variable Definitions

The following table defines parameters for the ip ipsec policy and ipv6 ipsec policy commands.

Variable             Value

WORD<1–32>           Specifies the policy ID.

dir <both|in|out>    Specifies the direction you want to protect with IPsec:
                       • both—Specifies both ingress and egress traffic.
                       • in—Specifies ingress traffic.
                       • out—Specifies egress traffic.
                     The default is both.