Security Policy Configuration

Use the following procedure to define an IPsec Security Policy.

  1. Access the security-policy configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# ipsec
    ORACLE(ipsec)# security-policy
    ORACLE(security-policy)#
  2. name—Identify this IPsec Security Policy.
    ORACLE(security-policy)# name requireIPsec
  3. network-interface—Provide the network interface name of the IKEv2 interface to which this security policy is applied.
    ORACLE(security-policy)# network-interface M00:0
  4. priority—(Optional) Assign a priority to this IPsec Security Policy.
    • Highest priority: 0
    • Lowest priority: 123
  5. action—Specify the processing of IPsec and non-IPsec traffic streams.
    • allow—Process non-IPsec traffic
    • ipsec—Allow only IPsec traffic
    • srtp—Allow only SRTP traffic
    • srtcp—Allow only SRTCP traffic
  6. direction—Identify the traffic streams subject to the processing specified by the action parameter.
    Available values are:
    • in
    • out
    • both
  7. local-ip-addr-match—(Optional) Specify the local IP address of the network interface.

    Provide the local IP address or retain the default value, 0.0.0.0, which matches all local IP addresses.

    ORACLE(security-policy)# local-ip-addr-match 172.30.89.10
  8. remote-ip-addr-match—(Optional) Specify the IP address of the remote IKEv2 peer.

    Provide the remote IP address or retain the default value, 0.0.0.0, which matches all remote IP addresses.

    ORACLE(security-policy)# remote-ip-addr-match 0.0.0.0
  9. local-port-match—(Optional) Specify the local ports to which this IPsec Security Policy applies.
    Use 0 to specify all local ports.
    • Min: 1
    • Max: 65535
  10. remote-port-match—(Optional) Specify the remote ports to which this IPsec Security Policy applies.
    Use 0 to specify all remote ports.
    • Min: 1
    • Max: 65535
  11. ike-sainfo-name—Assign an IPsec data SA to this Security Policy.
  12. Type done to save your configuration.
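
An added example (not Oracle code) for reviewing policies built with this procedure: a Python audit over policies written as dicts keyed by the parameter names above. It checks the value ranges listed in the steps and flags an allow policy that outranks and fully covers an ipsec policy on the same interface, assuming policies are evaluated in priority order with the first match winning; the clearSignaling policy and all priority and port values are constructed.

```python
import ipaddress

ACTIONS = {"allow", "ipsec", "srtp", "srtcp"}            # step 5
DIRECTIONS = {"in", "out", "both"}                       # step 6
IP_KEYS = ("local-ip-addr-match", "remote-ip-addr-match")
PORT_KEYS = ("local-port-match", "remote-port-match")

def check_values(p):
    """Return value problems in one policy dict keyed by parameter name."""
    errs = []
    if not 0 <= p["priority"] <= 123:
        errs.append("priority outside 0-123")
    if p["action"] not in ACTIONS:
        errs.append("unknown action")
    if p["direction"] not in DIRECTIONS:
        errs.append("unknown direction")
    for k in IP_KEYS:
        try:
            ipaddress.ip_address(p[k])
        except ValueError:
            errs.append(k + " is not an IP address")
    for k in PORT_KEYS:
        if not 0 <= p[k] <= 65535:                       # 0 means all ports
            errs.append(k + " outside 0-65535")
    return errs

def covers(a, b):
    """True if a's selectors match everything that b's selectors match."""
    return (a["network-interface"] == b["network-interface"]
            and a["direction"] in ("both", b["direction"])
            and all(a[k] in ("0.0.0.0", b[k]) for k in IP_KEYS)
            and all(a[k] in (0, b[k]) for k in PORT_KEYS))

def shadowed_ipsec(policies):
    """(allow, ipsec) name pairs where the allow policy outranks and covers
    the ipsec one. Assumption: priority order, first match wins."""
    return [(a["name"], b["name"]) for a in policies for b in policies
            if a["action"] == "allow" and b["action"] == "ipsec"
            and a["priority"] < b["priority"] and covers(a, b)]

# Constructed sample. requireIPsec takes its name, interface and addresses from
# the steps above; clearSignaling and every priority and port value are made up.
BASE = {"network-interface": "M00:0", "direction": "both",
        "local-ip-addr-match": "0.0.0.0", "remote-ip-addr-match": "0.0.0.0",
        "local-port-match": 0, "remote-port-match": 0}
SAMPLE = [
    {**BASE, "name": "clearSignaling", "priority": 5, "action": "allow"},
    {**BASE, "name": "requireIPsec", "priority": 10, "action": "ipsec",
     "local-ip-addr-match": "172.30.89.10"},
]
```

Giving clearSignaling a numerically larger priority than requireIPsec, or narrowing its address and port matches, clears the finding.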