diff --git a/docs/set-variables-group-vars.md b/docs/set-variables-group-vars.md
index ed20203c..67db0245 100644
--- a/docs/set-variables-group-vars.md
+++ b/docs/set-variables-group-vars.md
@@ -166,6 +166,7 @@
 **env.jumphost.user** | (Optional) The user name to login to the jumphost. | admin
 **env.jumphost.pass** | (Optional) The password for user to login to the jumphost. | ch4ngeMe!
 **env.jumphost.path_to_keypair** | (Optional) The absolute path to the public key file on the jumphost to be copied to the bastion. | /home/admin/.ssh/id_rsa.pub
+**env.ipsec_enabled** | (Optional) If IPSEC network configuration has to be enabled, this flag should be set to true |
 ## 12 - OCP and RHCOS (CoreOS)
 * These parameters are responsible which version of OCP, RHCOS and os variant AOP is using. The default value is 'latest' for s390x architecture. I you want to install a different version or a different architecture you need to specify specify the following parameters in all.yaml file:
diff --git a/inventories/default/group_vars/all.yaml.template b/inventories/default/group_vars/all.yaml.template
index 1f758454..e9d191a8 100644
--- a/inventories/default/group_vars/all.yaml.template
+++ b/inventories/default/group_vars/all.yaml.template
@@ -201,6 +201,9 @@ env:
 use_dhcp: False
 setup_openvpn: False
+# Uncomment the line below to enable IPSec network configuration.
+# ipsec_enabled: true
+
 #jumphost if network mode is NAT
 jumphost:
 name:
diff --git a/roles/get_ocp/files/cluster-network-03-config.yml b/roles/get_ocp/files/cluster-network-03-config.yml
new file mode 100644
index 00000000..4fb53bd2
--- /dev/null
+++ b/roles/get_ocp/files/cluster-network-03-config.yml
@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+ name: cluster
+spec:
+ defaultNetwork:
+ ovnKubernetesConfig:
+ ipsecConfig:
+ mode: Full
diff --git a/roles/get_ocp/tasks/main.yaml b/roles/get_ocp/tasks/main.yaml
index acf61262..53066679 100644
--- a/roles/get_ocp/tasks/main.yaml
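Review bot: The new flag in all.yaml.template is shipped commented out, unlike its neighbours `use_dhcp: False` and `setup_openvpn: False`, which carry an explicit default. Writing `ipsec_enabled: False` under `env:` would document the default in place and keep the key at the level the role reads (`env.ipsec_enabled`). If the opt-in comment form is kept, the comment should say the key belongs under `env:`, because a key uncommented at the wrong nesting level would leave IPsec off without any error. The `env:` mapping starts outside this hunk.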
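Review bot: cluster-network-03-config.yml hard-codes `ipsecConfig.mode: Full`, while the docs touched by this same commit say the OCP version is user-selectable; as far as I know the `mode` field exists only in newer OpenShift releases, and older ones enabled IPsec with an empty `ipsecConfig: {}`. On a release that does not recognise the field the install may fail, or the cluster may come up without pod traffic encryption while the operator assumes `ipsec_enabled: true` took effect. I would add a header comment such as `# Enables OVN-Kubernetes IPsec in Full mode; needs an OCP release that supports ipsecConfig.mode`, and either gate the copy on the selected version or check the applied Network operator config after install.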
+++ b/roles/get_ocp/tasks/main.yaml
@@ -92,6 +92,24 @@
 /root/ocpinst/openshift-install create manifests --dir=/root/ocpinst/
 become: true
+- name: Copy the file when ipsec flag is enabled
+ tags: get_ocp
+ become: true
+ copy:
+ src: cluster-network-03-config.yml
+ dest: /root/ocpinst/manifests/cluster-network-03-config.yml
+ when: env.ipsec_enabled is defined and env.ipsec_enabled != None and env.ipsec_enabled
+- name: List the files in the manifests directory
+ tags: get_ocp
+ become: true
+ command: "ls -lrt /root/ocpinst/manifests/"
+ register: manifests_list
+- debug:
+ msg: "{{ manifests_list }}"
+
+
 - name: Set masters schedulable parameter to false
 tags: get_ocp
 become: true
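Review bot: The `when:` guard on the copy task ends in a bare `env.ipsec_enabled`, so the value is never normalised to a boolean; a quoted value such as `"false"` may evaluate as true depending on the Ansible version and would then turn IPsec on against the user's intent. `when: env.ipsec_enabled | default(false, true) | bool` covers the undefined and null cases and normalises strings in one expression. The `ls -lrt` task and the unnamed `debug` after it look like leftover troubleshooting: the `command` reports changed on every run, and the `debug` carries no `tags: get_ocp`, so it can run when the listing task is filtered out and `manifests_list` is undefined. Either drop both or add `changed_when: false` to the listing and a name plus the same tag to the `debug`.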