Steps for configuring local IP security policy using both a stack-specific file and a common file

You can configure local IP security policy using both a stack-specific file and a common file. If there are duplicate statements, the stack-specific file always takes precedence over the common file.

Procedure

Perform the following steps to configure local IP security policy using both a stack-specific IP security configuration file and a common IP security configuration file.

  1. In the main Policy Agent configuration file, include a CommonIpSecConfig line that identifies the common IP security configuration file, as follows:
    CommonIpSecConfig    /etc/common.ipsecpol
  2. In the main Policy Agent configuration file, include a line with the TcpImage statement for each stack to be configured, as follows:
    TcpImage TCPCS  /etc/TCPCS.image
    TcpImage TCPCS2 /etc/TCPCS2.image
    ⋮
  3. In each configuration file that was identified on the TcpImage statement in step 2, include an IpSecConfig line that identifies the stack-specific IP security configuration file, as follows:
    In /etc/TCPCS.image:
    IpSecConfig     /etc/TCPCS.ipsecpol
    
    In /etc/TCPCS2.image:
    IpSecConfig     /etc/TCPCS2.ipsecpol

Results

Any statements in the common IP security configuration file are added to the policy for each stack when the policy is initialized. Either file, /etc/TCPCS.ipsecpol or /etc/TCPCS2.ipsecpol, can refer to statements in /etc/common.ipsecpol. In the case of duplicate names, any named statement in the stack-specific IP security configuration file overrides a statement with the same name in the common IP security configuration file.
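
Because a stack-specific statement replaces a common one with the same name, a per-stack override can change the effective policy without touching the common file, so it is worth listing the overrides. The following Python code is an added example, not IBM code: it follows the CommonIpSecConfig, TcpImage and IpSecConfig chain from the steps above and reports, for each stack, the merged policy and the common statements that are overridden. The main file path /etc/pagent.conf, the sample statement contents, the flat `Type Name { ... }` block form, and matching duplicates on statement type plus name are assumptions made for illustration.

```python
import re

# Constructed sample files (path -> contents), not taken from a real system.
# "/etc/pagent.conf" is a hypothetical path for the main Policy Agent file.
FILES = {
    "/etc/pagent.conf": "CommonIpSecConfig    /etc/common.ipsecpol\n"
                        "TcpImage TCPCS  /etc/TCPCS.image\n"
                        "TcpImage TCPCS2 /etc/TCPCS2.image\n",
    "/etc/TCPCS.image": "IpSecConfig     /etc/TCPCS.ipsecpol\n",
    "/etc/TCPCS2.image": "IpSecConfig     /etc/TCPCS2.ipsecpol\n",
    "/etc/common.ipsecpol":
        "IpGenericFilterAction permit-nolog\n{\n  IpFilterAction permit\n  IpFilterLogging no\n}\n"
        "IpGenericFilterAction deny-log\n{\n  IpFilterAction deny\n  IpFilterLogging yes\n}\n",
    "/etc/TCPCS.ipsecpol":
        "IpGenericFilterAction deny-log\n{\n  IpFilterAction deny\n  IpFilterLogging no\n}\n",
    "/etc/TCPCS2.ipsecpol": "",
}

# Assumed statement shape: "Type Name { body }" with no nested braces.
STMT = re.compile(r"^[ \t]*(\w+)[ \t]+(\S+)\s*\{([^{}]*)\}", re.M)

def named_statements(text, source):
    """Map (type, name) -> (source file, whitespace-normalised body)."""
    return {(t, n): (source, " ".join(b.split())) for t, n, b in STMT.findall(text)}

def directive(text, keyword):
    """Arguments of every line whose first word is keyword (case-insensitive)."""
    return [ln.split()[1:] for ln in text.splitlines()
            if ln.split() and ln.split()[0].lower() == keyword.lower()]

def effective_policy(files, main):
    """Per stack: merged named statements and the common ones that are overridden."""
    common_path = directive(files[main], "CommonIpSecConfig")[0][0]
    common = named_statements(files[common_path], common_path)
    report = {}
    for stack, image in directive(files[main], "TcpImage"):
        stack_path = directive(files[image], "IpSecConfig")[0][0]
        local = named_statements(files[stack_path], stack_path)
        merged = {**common, **local}  # stack-specific file wins on duplicates
        report[stack] = {"policy": merged, "shadowed": sorted(set(local) & set(common))}
    return report
```

With the constructed input, `effective_policy(FILES, "/etc/pagent.conf")` shows that TCPCS takes `deny-log` from /etc/TCPCS.ipsecpol with logging turned off, while TCPCS2 keeps the common definition.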