Command Reference Guide
164 ● ipsec policy (Interface view) 3Com Router 5000 Family and Router 6000 Family
Command Reference
ipsec policy (Interface view)
Purpose Use the ipsec policy(interface view) command to apply an ipsec policy group
with the name
policy-name at the interface,.
Use the undo ipsec policy (interface view) command to remove one or all ipsec
policy group from the interface so as to disable the IPSec function of the interface.
Syntax ipsec policy policy-name
undo ipsec policy [ policy-name ]
Parameters policy-name
Specifies the name of an ipsec policy group applied at
the interface. The ipsec policy group with name
policy-name should be configured in system view.
Example Apply an ipsec policy whose name is policy1 to interface Serial 4/1/2.
[3Com] interface serial 4/1/2
[3Com-Serial4/1/2] ipsec policy policy1
View This command can be used in the following views:
■ Interface view
Description At an interface, only one ipsec policy group can be applied. An ipsec policy group can
be applied at multiple interfaces.
When a packet is sent from an interface, it searches for each ipsec policy in the ipsec
policy group by number in an ascending order. If the packet matches an access
control list used by an ipsec policy, then this ipsec policy is used to process the packet;
otherwise it continues to search for the next ipsec policy. If the packet does not match
any of the access control lists used by all the ipsec policies, it will be directly
transmitted (that is, IPSec will not protect the packet).
To prevent transmitting any unencrypted packet from the interface, it is necessary to
use the firewall together with IPSec; the firewall is for dropping all the packets that do
not need to be encrypted.
Related Command ipsec policy (System view)