Create an IPsec Policy

Use the following procedure to configure an IPsec policy for an IPv4 or an IPv6 interface. An IPsec policy defines the level of security for different types of traffic.

Note

  • For IPv4 addresses, you can configure IPsec policies only for the UDP, TCP, and ICMPv4 protocols. You can continue to configure IPsec policies for IPv6 addresses for ICMPv6, OSPFv3, TCP, and UDP.

  • If you downgrade your software, the current IPsec configurations are no longer supported. You must boot with the factory default settings for IPsec, and then reconfigure the IPsec features.

About this task

You cannot delete or modify a policy if the policy links to a security association, or if the policy links to a port or VLAN interface. If you need to modify a policy, you must first unlink the policy from the security association and from the port or VLAN interface.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Select IPSec.
  3. Select the Policy tab.
  4. Select Insert.
  5. In the Name field, type a policy name.
  6. Complete the remaining optional configuration to customize the policy.
  7. Select Insert.

Policy field descriptions

Use the data in the following table to use the Policy tab.

Name

Description

Name

Specifies the IPsec policy name.

DstAddress

Specifies the remote address. This field accepts an IPv4 or IPv6 address, depending on the selected source address type.

SrcAddress

Specifies the local address. The local address is optional; you can configure it to have multiple local addresses for each remote (destination) address.

This field accepts an IPv4 or IPv6 address, depending on the selected source address type.

SrcPort

Specifies the source port for TCP and UDP. Leave this field empty to configure any port as the source port. The default value is 1.

DstPort

Specifies the destination port for TCP and UDP. Leave this field empty to configure any port as the destination port. The default value is 1.

AdminFlag

Enables or disables the policy. The default is disabled.

L4Protocol

Specifies the protocol, as one of the following:

  • tcp

  • udp

  • icmp

  • icmpv6

  • ospfv3

IPv4 interfaces only support TCP, UDP, and ICMP.

The default is TCP.

Action

Specifies the action the policy takes. The default is to permit the packet.
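
The following is an added example, not vendor code: a pre-check that applies the constraints from the Note and the field table to a planned policy before it is entered on the Policy tab. The dict layout, the enable/disable strings, the 1 to 65535 port range, and the rule that SrcAddress and DstAddress share one address type are assumptions; the sample plan is constructed.

```python
import ipaddress

# Protocols per address family, from the Note and the L4Protocol field above.
ALLOWED = {4: {"tcp", "udp", "icmp"}, 6: {"tcp", "udp", "icmpv6", "ospfv3"}}

def check_policy(p):
    """Return a list of findings for one planned policy (a dict keyed by field name)."""
    findings = []
    if not p.get("Name"):
        findings.append("ERROR: Name is required")
    proto = p.get("L4Protocol", "tcp")            # documented default: TCP
    families = {}
    for field in ("DstAddress", "SrcAddress"):
        if p.get(field):
            try:
                families[field] = ipaddress.ip_address(p[field]).version
            except ValueError:
                findings.append(f"ERROR: {field} is not an IPv4 or IPv6 address")
    # Assumption: the local and remote address must be the same address type.
    if len(set(families.values())) > 1:
        findings.append("ERROR: SrcAddress and DstAddress address types differ")
    for version in sorted(set(families.values())):
        if proto not in ALLOWED[version]:
            findings.append(f"ERROR: {proto} is not supported with IPv{version}")
    for field in ("SrcPort", "DstPort"):
        port = p.get(field)
        if port is None:
            continue                               # empty field = any port
        if proto not in ("tcp", "udp"):
            findings.append(f"ERROR: {field} applies to TCP and UDP only")
        elif not 1 <= port <= 65535:               # assumption: standard port range
            findings.append(f"ERROR: {field} {port} is out of range")
    if p.get("AdminFlag", "disable") != "enable":  # documented default: disabled
        findings.append("NOTE: policy is disabled until AdminFlag is enabled")
    if "Action" not in p:
        findings.append("NOTE: Action not set, defaults to permit")
    return findings

PLAN = [  # constructed sample input
    {"Name": "ospf6-core", "DstAddress": "2001:db8::2", "L4Protocol": "ospfv3",
     "AdminFlag": "enable", "Action": "permit"},
    {"Name": "bad-v4", "DstAddress": "192.0.2.10", "SrcAddress": "192.0.2.1",
     "L4Protocol": "ospfv3", "DstPort": 89},
]

if __name__ == "__main__":
    for policy in PLAN:
        for finding in check_policy(policy) or ["OK"]:
            print(f"{policy['Name']}: {finding}")
```

The NOTE findings flag the two documented defaults worth a second look during review: a policy left disabled, and an omitted Action that falls back to permit.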