Enabling and Disabling IP Security (IPsec)

Use the TCPIP OPTION command to enable or disable IPsec.

IPsec encryption and authentication are offloaded to the IOP on systems using MCP v3 Networking. On these systems, IPsec can be enabled for IPv4 or IPv6 networks. The IPSEC option of the TCPIP OPTION command controls whether IPsec is enabled for a particular instance of TCPIPSupport. The IPSECDEFault setting applies to IP addresses with no IPsec policies defined.

The default setting for IPSECDEFault is IPv6ONLY and is established when TCPIP initializes. The default setting for IPsec is FALSE. When the + IPSEC option and the IPSECDEFault setting are included in the same command, the IPSECDEFault behavior is modified before IPsec is initialized.

You can change the IPSECDEFault setting only before initializing a device or enabling IPsec for the first time. Once IPsec is enabled and any NP device is active, the IPSECDEFault behavior cannot be changed. In addition, IPsec cannot be disabled once it is initiated. If IPsec is disabled, the behavior of TCPIPSupport is indeterminate. To change the IPSECDEFault behavior, TCPIPSupport must be restarted.

If you configure any policies for a given local IP address, then IPSECDEFault is ignored, and you must configure additional bypass policies. For more information on configuring the bypass policies, see the section "IP Security (IPsec)" in the MCP Security Overview and Implementation Guide.

For a more detailed description of the IPSECDEFault setting, refer to the Networking Commands and Inquiries Help.

To enable IPsec, enter the following:

NW TCPIP OPT + IPSEC

To disable IPsec, enter the following:

NW TCPIP OPT - IPSEC

The default state of IPsec is disabled.