The ipsec policy-template command creates an IPSec policy template and displays the IPSec policy template view.
The undo ipsec policy-template command deletes an IPSec policy template group or an IPSec policy template from the group.
By default, no IPSec policy template is created.
ipsec policy-template template-name seq-number
undo ipsec policy-template template-name [ seq-number ]
| Parameter | Description | Value |
|---|---|---|
| template-name | Specifies the name of the policy template. | The value is a string of 1 to 15 case-sensitive characters and cannot contain the hyphen (-). |
| seq-number | Specifies the sequence number of the IPSec policy. | The value is an integer that ranges from 1 to 10000. A smaller value indicates a higher priority. |
Usage Scenario
Negotiated IPSec parameters are defined in the IPSec policy template view. The initiator determines optional parameters, and the responder accepts the parameters delivered by the initiator. If an IPSec policy template is configured at the local end, the local end can only function as the responder to receive negotiation requests.
An IPSec policy template can be used to configure multiple IPSec policies, reducing the workload of establishing multiple IPSec tunnels. An IPSec policy template is applicable to specific scenarios, for example, scenarios where the remote IP address is variable or unknown and remote peers are allowed to initiate negotiation with the local end.
ACLs in this mode are optional. If no ACL is configured, the responder uses the ACL configured on the initiator to protect data flows.
Follow-up Procedure
Run the ipsec policy policy-name seq-number isakmp template template-name command to reference the created template.
Precautions
The IPSec policy template name must be different from the IPSec policy name.
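The following added example (not part of the original reference or the vendor's tooling) lints a saved configuration against the rules stated in the parameter table, the follow-up procedure, and the precaution above. The sample configuration and all names in it are constructed, and flagging a policy that references an undefined template is an assumption drawn from the instruction to reference the created template.

```python
import re

# The two command forms given on this page.
TEMPLATE_RE = re.compile(r"^\s*ipsec policy-template (\S+) (\S+)\s*$")
POLICY_RE = re.compile(r"^\s*ipsec policy (\S+) (\S+) isakmp template (\S+)\s*$")

def check_name(name):
    """template-name rule from the parameter table: 1-15 characters, no hyphen."""
    return 1 <= len(name) <= 15 and "-" not in name

def check_seq(seq):
    """seq-number rule from the parameter table: integer in 1..10000."""
    return re.fullmatch(r"[0-9]+", seq) is not None and 1 <= int(seq) <= 10000

def lint(config):
    findings, templates, policies = [], {}, []
    for n, line in enumerate(config.splitlines(), 1):
        if m := TEMPLATE_RE.match(line):
            name, seq = m.groups()
            bad = []
            if not check_name(name):
                bad.append(f"invalid template-name {name!r}")
            if not check_seq(seq):
                bad.append(f"seq-number {seq!r} outside 1-10000")
            findings += [(n, b) for b in bad]
            if not bad:  # only well-formed templates count as created
                templates.setdefault(name, []).append(int(seq))
        elif m := POLICY_RE.match(line):
            policies.append((n, m.group(1), m.group(3)))
    for n, policy, tmpl in policies:
        if policy in templates:  # precaution: names must differ
            findings.append((n, f"policy name {policy!r} matches a template name"))
        if tmpl not in templates:  # assumption: template must already exist
            findings.append((n, f"policy {policy!r} references undefined template {tmpl!r}"))
    # A smaller seq-number has higher priority, so list each group ascending.
    return findings, {k: sorted(v) for k, v in templates.items()}

# Constructed sample configuration; every name here is hypothetical.
SAMPLE = """\
ipsec policy-template branch 20
ipsec policy-template branch 10
ipsec policy-template dial-in 5
ipsec policy-template hq 10001
ipsec policy hub 1 isakmp template branch
ipsec policy branch 2 isakmp template branch
ipsec policy edge 3 isakmp template missing
"""
if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The first returned value lists (line number, message) findings; the second maps each valid template group to its sequence numbers in priority order.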