Related command:
Example
security acl
Syntax
View
Parameter
Description
Related command:
Example
When configuring an IPSec policy, you need to set the parameters of both the
■
inbound and outbound SAs.
The key for the inbound SA at the local end must be the same as that for the
■
outbound SA at the remote end, and the key for the outbound SA at the local
end must be the same as that for the inbound SA at the remote end.
Both ends of an IPSec tunnel must be configured with the same key in the
■
same format.
ipsec policy (system view).
# Configure the keys for the inbound and outbound SAs using AH to abcdef and
efcdab respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah efcdab
security acl acl-number
undo security acl
IPSec policy view/IPSec policy template view
acl-number: Number of the ACL for the IPSec policy to reference, in the range
3000 to 3999.
Use the
command to specify the ACL for the IPSec policy to
security acl
reference.
Use the
undo security acl
By default, an IPSec policy references no ACL.
ipsec policy (system view).
# Configure IPSec policy policy1 to reference ACL 3001.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp source 10.1.1.0 0.0.0.255 des
tination 10.1.2.0 0.0.0.255
[Sysname-acl-adv-3001] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] security acl 3001
command to remove the configuration.
2149