The ipsec profile command creates an IPSec profile and enters the IPSec profile view.
The undo ipsec profile command deletes an IPSec profile.
By default, no IPSec profile is configured.
| Parameter | Description | Value |
|---|---|---|
profile-name |
Specifies the name of an IPSec profile. |
The value is a string of 1 to 12 case-sensitive characters without question marks (?) and spaces. |
Usage Scenario
An IPSec profile is similar to an IPSec policy. However, different from an IPSec policy, an IPSec profile is identified by its name, and can only be configured in IKE negotiation mode. The IPSec profile does not support ACL configuration. The IPSec profile can be applied to only an IPSec tunnel interface. An IPSec profile defines IPSec proposals used to protect data flows, IKE negotiation parameters for SA setup, SA lifetime, and PFS status. After an IPSec profile is applied to an IPSec tunnel interface, only one IPSec tunnel is created. The IPSec tunnel protects all the data flows routed to the IPSec tunnel interface, simplifying IPSec policy management.
Follow-up Procedure
Define negotiated IPSec parameters in the IPSec profile view and run the ipsec profile command to apply the IPSec profile to an interface.
Precautions
You do not need to specify the local and remote addresses for the IKE peer that is referenced by an IKE profile. Even if the local and remote addresses are specified for the IKE peer that is referenced by an IKE profile, the local and remote addresses are invalid. This is because the source and destination addresses of the IPSec tunnel interfaces are used as local and remote addresses when the IPSec profile performs IKE negotiation.