Security Policy Configuration
Use the following procedure to define an IPsec Security Policy.
- Access the security-policy configuration element.
ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# ipsec
ORACLE(ipsec)# security-policy
ORACLE(security-policy)#
- name—Identify this IPsec Security Policy.
ORACLE(security-policy)# name requireIPsec
- network-interface—Provide the network interface name of the IKEv2 interface to which this security policy is applied.
ORACLE(security-policy)# network-interface M00:0
- priority—(Optional) Assign a priority to this IPsec Security Policy.
  - Highest priority: 0
  - Lowest priority: 123
- action—Specify the processing of IPsec and non-IPsec traffic streams.
  - allow—Process non-IPsec traffic
  - ipsec—Allow only IPsec traffic
  - srtp—Allow only SRTP traffic
  - srtcp—Allow only SRTCP traffic
- direction—Identify the traffic streams subject to the processing specified by the action parameter.
Available values are:
  - in
  - out
  - both
- local-ip-addr-match—(Optional) Specify the local IP address of the network interface.
Provide the local IP address or retain the default value, 0.0.0.0, which matches all local IP addresses.
ORACLE(security-policy)# local-ip-addr-match 172.30.89.10
- remote-ip-addr-match—(Optional) Specify the IP address of the remote IKEv2 peer.
Provide the remote IP address or retain the default value, 0.0.0.0, which matches all remote IP addresses.
ORACLE(security-policy)# remote-ip-addr-match 0.0.0.0
- local-port-match—(Optional) Specify the local ports to which this IPsec Security Policy applies.
Use 0 to specify all local ports.
  - Min: 1
  - Max: 65535
- remote-port-match—(Optional) Specify the remote ports to which this IPsec Security Policy applies.
Use 0 to specify all remote ports.
  - Min: 1
  - Max: 65535
- ike-sainfo-name—Assign an IPsec data SA to this Security Policy.
- Type done to save your configuration.
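
Before entering a planned policy, its values can be checked against the ranges and value lists given in this procedure. The following Python sketch is an added example, not Oracle code: it parses a constructed set of security-policy command lines, reports out-of-range or missing parameters, and spells out which selectors are wildcards. It assumes that every parameter not marked (Optional) is required and that an unset port selector means 0 (all ports); EXAMPLE-SAINFO is a placeholder name.

```python
import ipaddress

ACTIONS = {"allow", "ipsec", "srtp", "srtcp"}   # values listed in the procedure
DIRECTIONS = {"in", "out", "both"}
# Assumption: every parameter the page does not mark (Optional) must be set.
REQUIRED = ("name", "network-interface", "action", "direction", "ike-sainfo-name")
# Constructed sample; EXAMPLE-SAINFO is a placeholder, not a name from the guide.
SAMPLE = """\
ORACLE(security-policy)# name requireIPsec
ORACLE(security-policy)# network-interface M00:0
ORACLE(security-policy)# priority 0
ORACLE(security-policy)# action ipsec
ORACLE(security-policy)# direction both
ORACLE(security-policy)# local-ip-addr-match 172.30.89.10
ORACLE(security-policy)# ike-sainfo-name EXAMPLE-SAINFO
"""

def parse_policy(text):
    """Collect 'parameter value' lines (ACLI prompt optional) into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[-1].strip()  # drop a leading prompt
        if line and line != "done":
            key, _, value = line.partition(" ")
            params[key] = value.strip()
    return params

def review_policy(params):
    """Return (errors, scope); unset selectors are treated as wildcards."""
    errors = [f"missing {k}" for k in REQUIRED if not params.get(k)]
    for key, allowed in (("action", ACTIONS), ("direction", DIRECTIONS)):
        if params.get(key) and params[key] not in allowed:
            errors.append(f"{key}: unknown value")
    prio = params.get("priority")
    if prio is not None and not (prio.isdecimal() and int(prio) <= 123):
        errors.append("priority: must be 0 (highest) to 123 (lowest)")
    ends = []
    for side in ("local", "remote"):
        ip = params.get(f"{side}-ip-addr-match", "0.0.0.0")  # documented default
        port = params.get(f"{side}-port-match", "0")         # assumed: unset = all
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            errors.append(f"{side}-ip-addr-match: not an IP address")
        if not (port.isdecimal() and int(port) <= 65535):
            errors.append(f"{side}-port-match: must be 0 (all) or 1-65535")
        ends.append(f"{side} {'any' if ip == '0.0.0.0' else ip}:{'any' if port == '0' else port}")
    scope = (f"{params.get('action')} {params.get('direction')} on "
             f"{params.get('network-interface')}: {' <-> '.join(ends)}")
    return errors, scope
```

Calling review_policy(parse_policy(SAMPLE)) returns an empty error list and a one-line scope summary, which makes it obvious when a policy left at its defaults matches every address and port on the interface.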