A data processing system, method, and product are disclosed for automatically configuring IP security tunnels. A security policy specification format is established that is capable of being utilized by any one of multiple different operating systems and any one of multiple different machine types. An IP security tunnel is automatically configured utilizing the security policy specification format.