R3303-HP HSR6800 Routers Security Configuration Guide

| Step | Command | Remarks |
|---|---|---|
| 3. Reference a GDOI GM group for the GDOI IPsec policy entry. | group group-name | By default, no GDOI GM group is referenced. You can reference only one GDOI GM group for a GDOI IPsec policy entry. For a GDOI IPsec policy entry to take effect, the referenced GDOI GM group must have correct KS addresses and group ID. |
| 4. Reference an ACL for the GDOI IPsec policy entry. | security acl acl-number | Optional. By default, no ACL is referenced. Typically, there is no need to reference an ACL unless you need to filter traffic. You can reference only one ACL for a GDOI IPsec policy entry. Use the permit rules of the ACL with caution because packets matching a permit rule are discarded. |

Applying a GDOI IPsec policy to an interface
After you apply a GDOI IPsec policy to an interface, the interface uses the group ID and KS addresses
in the GDOI GM group referenced by the policy to perform registration, and uses the local ACL and the
downloaded ACL for packet filtering and encryption.
To apply a GDOI IPsec policy to an interface:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Apply a GDOI IPsec policy to the interface. | ipsec policy policy-name | By default, no GDOI IPsec policy is applied to an interface. You can apply only one GDOI IPsec policy to an interface. A GDOI IPsec policy can be applied to multiple interfaces. For more information about this command, see Security Command Reference. |
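
The following is an added example, not part of the HP guide: a small Python check for the two caveats in the tables above. It reports GDOI IPsec policy entries that reference no GDOI GM group, and entries whose referenced ACL contains permit rules (packets matching a permit rule are discarded), together with the interfaces each policy is applied to. The sample configuration is constructed, and the `acl number`, `rule` and `ipsec policy <name> <seq> gdoi` line layouts are assumptions about the saved-configuration format; only `group`, `security acl` and `ipsec policy policy-name` appear on this page.

```python
import re
# Constructed sample. The "acl number", "rule" and "ipsec policy <name> <seq> gdoi"
# line layouts are assumptions; group, security acl, ipsec policy are from the tables.
SAMPLE_CONFIG = """\
acl number 3001
 rule 0 permit ip source 10.1.1.0 0.0.0.255
#
ipsec policy map1 10 gdoi
 group gm-group1
 security acl 3001
#
ipsec policy map2 10 gdoi
#
interface GigabitEthernet1/0/1
 ipsec policy map1
#
interface GigabitEthernet1/0/2
 ipsec policy map2
"""

def audit_gdoi_config(text):
    # Returns (policy, seq, finding, interfaces the policy is applied to) tuples.
    permits, entries, applied = {}, {}, {}
    kind = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            kind = key = None
            if m := re.fullmatch(r"acl number (\d+)", line):
                kind, key = "acl", m.group(1)
            elif m := re.fullmatch(r"ipsec policy (\S+) (\d+) gdoi", line):
                kind, key = "entry", (m.group(1), m.group(2))
                entries[key] = {"group": None, "security acl": None}
            elif m := re.fullmatch(r"interface (\S+)", line):
                kind, key = "if", m.group(1)
        elif kind == "acl" and re.match(r"rule \d+ permit\b", line):
            permits.setdefault(key, []).append(line)
        elif kind == "entry" and (m := re.fullmatch(r"(group|security acl) (\S+)", line)):
            entries[key][m.group(1)] = m.group(2)
        elif kind == "if" and (m := re.fullmatch(r"ipsec policy (\S+)", line)):
            applied[key] = m.group(1)
    findings = []
    for (policy, seq), entry in entries.items():
        ifs = sorted(i for i, p in applied.items() if p == policy)
        if entry["group"] is None:
            findings.append((policy, seq, "no GDOI GM group referenced", ifs))
        for rule in permits.get(entry["security acl"], []):
            findings.append((policy, seq, "ACL permit rule discards matches: " + rule, ifs))
    return findings
```

On the constructed sample, `audit_gdoi_config(SAMPLE_CONFIG)` returns one finding for `map1` (the permit rule in ACL 3001) and one for `map2` (no GM group referenced).
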
Displaying and maintaining GM
Execute display commands in any view, and execute reset commands in user view.