ipsec profile (interface view)

Function

The ipsec profile command applies an IPSec profile to a tunnel interface.

The undo ipsec profile command unbinds the IPSec profile from a tunnel interface.

By default, no IPSec profile is applied to a tunnel interface.

Format

ipsec profile profile-name [ alone | master | slave ]

undo ipsec profile

Parameters

Parameter	Description	Value
profile-name	Specifies the name of an IPSec profile.	The value is an existing IPSec profile name.
alone	Indicates that the tunnel is not backed up when the status of the IPSec profile is alone.	-
master	Indicates that the status of the IPSec profile is master.	-
slave	Indicates that the status of the IPSec profile is slave.	-

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Prerequisites

An IPSec profile has been created using the ipsec profile (system view) command.

A tunnel interface has been created using the interface tunnel command, and the encapsulation mode of the tunnel interface has been set to GRE or IPSec using the tunnel-protocol command.

Precautions

A tunnel interface can be bound to only one IPSec profile. Before binding the tunnel interface to another IPSec profile, run the undo ipsec profile command to unbind the IPSec profile from the tunnel interface.
An IPSec profile is applied only to one tunnel interface. Before applying the IPSec profile to another interface, unbind the IPSec profile from the tunnel interface.
If a tunnel interface in the root system is bound to a virtual system, the IPSec profile in the root system cannot be applied to this tunnel interface.
For IPSec hot standby in load balancing mode, you need to configure the status of the IPSec profile to be master, slave or alone.

Example

# Bind the IPSec profile profile1 to tunnel interface tunnel 1.

<sysname> system-view
[sysname] interface tunnel 1
[sysname-Tunnel1] tunnel-protocol ipsec
[sysname-Tunnel1] source 10.1.1.1
[sysname-Tunnel1] ipsec profile profile1