Match Vrf (Ikev2 Policy View) - HP FlexNetwork MSR Series Command Reference Manual

match vrf (IKEv2 policy view)

Use match vrf to specify a VPN instance that an IKEv2 policy matches.
Use undo match vrf to restore the default.
Syntax
match vrf { name vrf-name | any }
undo match vrf
Default
No VPN instance is specified, and the IKEv2 policy matches all local IP addresses in the public
network.
Views
IKEv2 policy view
Predefined user roles
network-admin
Parameters
name vrf-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
any: Specifies the public network and all VPN instances.
Usage guidelines
Each end must have an IKEv2 policy for the IKE_SA_INIT exchange. The initiator looks up an IKEv2
policy by the IP address of the interface to which the IPsec policy is applied and the VPN instance to
which the interface belongs. The responder looks up an IKEv2 policy by the IP address of the
interface that receives the IKEv2 packet and the VPN instance to which the interface belongs.
IKEv2 policies with this command configured are looked up before those that do not have this
command configured.
Examples
# Create an IKEv2 policy named policy1.
<Sysname> system-view
[Sysname] ikev2 policy policy1
# Configure the IKEv2 policy to match the VPN instance vpn1.
[Sysname-ikev2-policy-policy1] match vrf name vpn1
Related commands
display ikev2 policy
match local address
match vrf (IKEv2 profile view)
Use match vrf to specify a VPN instance for an IKEv2 profile.
Use undo match vrf to restore the default.
Syntax
match vrf { name vrf-name | any }
undo match vrf
585