Ip-Tunnel Access-Route - H3C MSR Series Command Reference Manual

Comware 7 security

ip-tunnel access-route
Use ip-tunnel access-route to specify the routes to be issued to clients.
Use undo ip-tunnel access-route to restore the default.
Syntax
ip-tunnel access-route { ip-address { mask-length | mask } | force-all | ip-route-list list-name }
undo ip-tunnel access-route
Default
No routes to be issued to clients are specified.
Views
SSL VPN policy group view
Predefined user roles
network-admin
Parameters
ip-address { mask-length | mask }: Configures a route to be issued to a client. The ip-address
argument specifies the destination address of the route. It cannot be a multicast, broadcast, or
loopback address. The mask-length argument specifies the mask length of the route, in the range of
0 to 32.
force-all: Forces all traffic to be sent to the SSL VPN gateway.
ip-route-list list-name: Issues routes in the specified route list to a client. The list-name argument
specifies the route list name, a case-insensitive string of 1 to 31 characters. The specified route list
must have been created by the ip-route-list command.
Usage guidelines
When a client accesses an SSL VPN gateway in IP mode, the SSL VPN gateway issues the
configured route or the specified routes to the client. The client adds the routes, using the VNIC as
the output interface. Packets from the client to the internal servers match the routes, and therefore
are sent to the SSL VPN gateway through the VNIC.
After you execute the ip-tunnel access-route force-all command, the SSL VPN gateway issues a
default route to the SSL VPN client. The default route uses the VNIC as the output interface and has
the highest priority among all default routes on the client. Packets for destinations not in the routing
table are sent to the SSL VPN gateway through the VNIC. The SSL VPN gateway monitors the SSL
VPN client in real time. It does not allow the client to delete the default route or add a default route
with a higher priority.
If you execute this command multiple times, the most recent configuration takes effect.
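When auditing a saved configuration, the setting that matters is the one left in effect after the last ip-tunnel access-route or undo line, because it decides whether clients get specific routes or the force-all default route. The following Python sketch is an added example, not part of the H3C manual: it models only the rules stated above, and the function names, the sample lines, the lower-casing of list names for comparison, and the treatment of 255.255.255.255 as the only broadcast address checked are assumptions.

```python
import ipaddress

def _prefix_len(mask):
    """Accept a mask-length (0 to 32) or a contiguous dotted-decimal mask."""
    if mask.isdigit():
        n = int(mask)
        if n > 32:
            raise ValueError(f"mask-length out of range: {mask}")
        return n
    bits = int(ipaddress.IPv4Address(mask))
    n = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return n

def effective_access_route(config_lines):
    """Return (mode, detail) for the access-route setting left in effect."""
    state = ("none", None)                    # default: no routes are issued
    for raw in config_lines:
        words = raw.split()
        if words[:3] == ["undo", "ip-tunnel", "access-route"]:
            state = ("none", None)            # undo restores the default
            continue
        if words[:2] != ["ip-tunnel", "access-route"]:
            continue                          # unrelated line in the same view
        args = words[2:]
        if args == ["force-all"]:
            state = ("force-all", "0.0.0.0/0")    # client gets a default route
        elif len(args) == 2 and args[0] == "ip-route-list":
            if not 1 <= len(args[1]) <= 31:
                raise ValueError(f"list-name length invalid: {args[1]}")
            state = ("route-list", args[1].lower())   # names are case-insensitive
        elif len(args) == 2:
            addr = ipaddress.IPv4Address(args[0])
            # Assumption: only the limited broadcast address is checked here.
            if addr.is_multicast or addr.is_loopback or int(addr) == 0xFFFFFFFF:
                raise ValueError(f"destination not allowed: {addr}")
            state = ("route", f"{addr}/{_prefix_len(args[1])}")
        else:
            raise ValueError(f"unrecognized arguments: {raw}")
    return state                              # the most recent setting wins

# Constructed sample: three successive settings in one policy group view.
SAMPLE = [
    "ip-tunnel access-route 10.0.0.0 255.0.0.0",
    "ip-tunnel access-route ip-route-list RtList",
    "ip-tunnel access-route force-all",
]
```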
Examples
# In the view of policy group pg1, configure the SSL VPN gateway to issue routes in the route list
rtlist to a client.
<Sysname> system-view
[Sysname] sslvpn context ctx1
[Sysname-sslvpn-context-ctx1] ip-route-list rtlist
[Sysname-sslvpn-context-ctx1-route-list-rtlist] include 10.0.0.0 8
[Sysname-sslvpn-context-ctx1-route-list-rtlist] include 20.0.0.0 8