HP A6600 Configuration Manual page 262

Router A connects the segment 1.1.2.0/24, and Router B connects the segment 3.3.3.0/24. The IPsec
policy group test is applied to the outbound interface of Router A and contains two policies, test 1
and test 2. The ACLs referenced by the two policies each contain a rule that matches traffic from
1.1.2.0/24 to 3.3.3.0/24: in the ACL referenced by policy test 1 the matching rule is a deny statement,
and in the ACL referenced by policy test 2 it is a permit statement. Because test 1 is matched before
test 2, traffic from 1.1.2.0/24 to 3.3.3.0/24 matches the deny statement and is sent as normal traffic,
that is, without IPsec protection. When the traffic arrives at Router B, it is dropped if it matches a
permit statement in the ACL referenced in the IPsec policy applied on Router B.

Configuration on Router A:

acl number 3000
 rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255
 rule 1 deny ip
acl number 3001
 rule 0 permit ip source 1.1.2.0 0.0.0.255 destination 3.3.3.0 0.0.0.255
 rule 1 deny ip
#
ipsec policy test 1 isakmp
 security acl 3000
 ike-peer aa
 proposal 1
#
ipsec policy test 2 isakmp
 security acl 3001
 ike-peer bb
 proposal 1

Configuration on Router B:

acl number 3001
 rule 0 permit ip source 3.3.3.0 0.0.0.255 destination 1.1.2.0 0.0.0.255
 rule 1 deny ip
#
ipsec policy test 1 isakmp
 security acl 3001
 ike-peer aa
 proposal 1
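
The matching order described above can be checked with a small model. This is an added example, not code from the HP manual: the ACL and policy lines are copied from the page, while the function names (field, parse, decide, trace) and the mirrored-ACL check on Router B are assumptions of the model.

```python
import ipaddress
# Matching-relevant lines copied from the page's Router A / Router B configurations.
ROUTER_A = """acl number 3000
rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255
rule 1 deny ip
acl number 3001
rule 0 permit ip source 1.1.2.0 0.0.0.255 destination 3.3.3.0 0.0.0.255
rule 1 deny ip
ipsec policy test 1 isakmp
security acl 3000
ipsec policy test 2 isakmp
security acl 3001"""
ROUTER_B = """acl number 3001
rule 0 permit ip source 3.3.3.0 0.0.0.255 destination 1.1.2.0 0.0.0.255
rule 1 deny ip
ipsec policy test 1 isakmp
security acl 3001"""

def field(words, key):  # "source 1.1.2.0 0.0.0.255" -> network; absent key matches any address
    i = words.index(key) if key in words else None
    return ipaddress.ip_network("0.0.0.0/0" if i is None else f"{words[i + 1]}/{words[i + 2]}")

def parse(config):
    acls, policies = {}, []
    for words in map(str.split, config.splitlines()):
        if words[:2] == ["acl", "number"]:
            rules = acls.setdefault(int(words[2]), [])
        elif words[:1] == ["rule"]:
            rules.append((words[2], field(words, "source"), field(words, "destination")))
        elif words[:2] == ["ipsec", "policy"]:
            policies.append([int(words[3]), None])
        elif words[:2] == ["security", "acl"]:
            policies[-1][1] = int(words[2])
    return acls, sorted(policies)

def decide(config, src, dst):
    acls, policies = parse(config)
    for seq, acl in policies:                      # lowest sequence number first
        for action, s, d in acls[acl]:             # rules in configured order
            if ipaddress.ip_address(src) in s and ipaddress.ip_address(dst) in d:
                return seq, action                 # a deny ends the search: later policies unused
    return None, None

def trace(src, dst, a=ROUTER_A, b=ROUTER_B):
    seq, action = decide(a, src, dst)
    if action == "permit":
        return f"A: protected by policy test {seq}"
    _, peer = decide(b, dst, src)  # assumption: B matches clear text against its ACL mirrored
    return "A: sent as normal traffic; B: " + ("dropped" if peer == "permit" else "forwarded")
```

Calling trace("1.1.2.10", "3.3.3.10") reproduces the failure: the packet hits rule 1 of ACL 3000 under policy test 1 and never reaches the permit in ACL 3001. In this model, taking that deny rule out of ACL 3000 lets the same packet fall through to policy test 2.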