IPsec Configuration

The ipsec tunnel <n> command, issued from config mode, enters IPsec tunnel configuration mode. This is denoted by config-ipsec-tunnel in the prompt.

The identifier number for tunnel entries starts at 0 and increments by one. To determine the next tunnel number for a new entry, run ipsec tunnel ? and TNSR will print the existing tunnel ID numbers.

This command creates an IPsec tunnel with an identifier of 0:

tnsr(config)# ipsec tunnel 0

The remainder of the configuration is covered in the following sections.

Enable/Disable IPsec Tunnels

New IPsec tunnels are in a disabled state by default and must be explicitly enabled:

tnsr(config)# ipsec tunnel <n>
tnsr(config-ipsec-tunnel)# enable

Should the need arise to disable the tunnel in the future, the process is similar:

tnsr(config)# ipsec tunnel <n>
tnsr(config-ipsec-tunnel)# disable

When a tunnel is disabled, its configuration can remain in place, but the tunnel will not be loaded into the IPsec daemon.