diff --git a/src/vnm_mad/remotes/security_groups/SecurityGroups.rb b/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
index 481529341a..6dff639da7 100644
--- a/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
+++ b/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
@@ -259,7 +259,13 @@ class Rule
 # Getters
 def protocol
- @rule[:protocol].downcase.to_sym rescue nil
+ p = @rule[:protocol].downcase.to_sym rescue nil
+
+ if p == :ipsec
+ :esp
+ else
+ p
+ end
 end
 def rule_type
@@ -283,7 +289,7 @@ class Rule
 valid = true
 error_message = []
- if !protocol || ![:tcp, :udp, :icmp].include?(protocol)
+ if !protocol || ![:tcp, :udp, :icmp, :esp].include?(protocol)
 error_message << "Invalid protocol: #{protocol}"
 valid = false
 end
@@ -298,6 +304,11 @@ class Rule
 valid = false
 end
+ if range && protocol == :esp
+ error_message << "IPSEC does not support port ranges"
+ valid = false
+ end
+
 if net && !valid_net?
 error_message << "Invalid net: IP:'#{@rule[:ip]}' SIZE:'#{@rule[:size]}'"
 valid = false
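Review bot: The new local in `protocol` is named `p`, which shadows `Kernel#p` inside the method, and the `:ipsec` to `:esp` alias carries no comment saying what it covers. IPsec also uses AH (IP protocol 51) and IKE over UDP, so an operator who writes an `IPSEC` rule gets ESP only; that fails closed, but it should be stated where the mapping happens. I would rename the local, `proto = @rule[:protocol].downcase.to_sym rescue nil`, and put `# "IPSEC" is accepted as an alias for ESP (IP protocol 50) only; AH and IKE need their own rules` above the `if`. The inline `rescue nil` kept from the old line still turns any error from a missing or non-string value into `nil`, which the validation hunk below then reports as `Invalid protocol:` with nothing after the colon.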
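Review bot: The accepted list in the protocol check now includes `:esp`, but nothing in this diff shows the code that turns a validated Rule into filter commands. If those consumers branch only on tcp, udp and icmp, an ESP rule could pass validation and then be skipped or emitted without a protocol match, which would be broader than the operator intended; this is worth confirming for each driver before merging. Keeping the list in one frozen constant, `VALID_PROTOCOLS = %i[tcp udp icmp esp].freeze`, would give those consumers a single place to check against. The enclosing validation method starts and ends outside the hunk.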
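Review bot: The message in the new ESP check names `IPSEC`, while the getter normalises to `:esp` and a rule written as `ESP` reaches the same branch, so that user is told about a protocol name they never entered. I would word it after the normalised value, `error_message << "ESP (IPSEC) does not support port ranges"`, and add `# ESP is a portless IP protocol, so a range cannot be translated into a match` above the `if`. Whether an ICMP type set on an ESP rule is rejected depends on checks outside this hunk; if it is not, the same kind of guard belongs next to this one. The enclosing validation method starts and ends outside the hunk.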