HP VPN Firewall Appliances VPN Command Reference

<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Sysname-acl-adv-3001] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] security acl 3001
# Configure IPsec policy policy2 to reference ACL 3002, and set the data flow protection mode to aggregation.
<Sysname> system-view
[Sysname] acl number 3002
[Sysname-acl-adv-3002] rule 0 permit ip source 10.1.2.1 0.0.0.255 destination 10.1.2.2 0.0.0.255
[Sysname-acl-adv-3002] rule 1 permit ip source 10.1.3.1 0.0.0.255 destination 10.1.3.2 0.0.0.255
[Sysname-acl-adv-3002] quit
[Sysname] ipsec policy policy2 1 isakmp
[Sysname-ipsec-policy-isakmp-policy2-1] security acl 3002 aggregation
# Configure IPsec policy policy3 to reference ACL 3003, and set the data flow protection mode to per-host.
<Sysname> system-view
[Sysname] acl number 3003
[Sysname-acl-adv-3003] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Sysname-acl-adv-3003] quit
[Sysname] ipsec policy policy3 10 isakmp
[Sysname-ipsec-policy-isakmp-policy3-10] security acl 3003 per-host
Related commands
ipsec policy (system view)
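The following Python check is an added example, not part of the HP reference. It applies wildcard-mask matching (a 1 bit in the wildcard means that address bit is not compared) to the rule lines from the ACL 3001 and ACL 3002 examples above and reports the effective source and destination of each rule and whether the two overlap; the function names and the subset of rule syntax it parses are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the rule lines from the ACL 3001 and ACL 3002 examples above.
SAMPLE_RULES = {
    3001: ["rule permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255"],
    3002: [
        "rule 0 permit ip source 10.1.2.1 0.0.0.255 destination 10.1.2.2 0.0.0.255",
        "rule 1 permit ip source 10.1.3.1 0.0.0.255 destination 10.1.3.2 0.0.0.255",
    ],
}

# Hypothetical parser: handles only "permit <proto> source A W destination A W".
RULE_RE = re.compile(
    r"rule(?:\s+(?P<id>\d+))?\s+permit\s+(?P<proto>\S+)"
    r"\s+source\s+(?P<sa>\S+)\s+(?P<sw>\S+)"
    r"\s+destination\s+(?P<da>\S+)\s+(?P<dw>\S+)"
)

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize(addr, wildcard):
    """Return (address with wildcard bits cleared, True if addr had such bits set)."""
    a, w = _u32(addr), _u32(wildcard)
    return str(ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF)), bool(a & w)

def overlaps(a1, w1, a2, w2):
    """Two address/wildcard pairs share a host if they agree on every bit both compare."""
    care = ~(_u32(w1) | _u32(w2)) & 0xFFFFFFFF
    return ((_u32(a1) ^ _u32(a2)) & care) == 0

def audit_rule(line):
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    src, src_ignored = normalize(m["sa"], m["sw"])
    dst, dst_ignored = normalize(m["da"], m["dw"])
    return {
        "source": f"{src} {m['sw']}",
        "destination": f"{dst} {m['dw']}",
        "ignored_host_bits": src_ignored or dst_ignored,
        "src_dst_overlap": overlaps(m["sa"], m["sw"], m["da"], m["dw"]),
    }

if __name__ == "__main__":
    for acl, rules in SAMPLE_RULES.items():
        for line in rules:
            print(acl, audit_rule(line))
```

For both ACL 3002 rules the check reports ignored host bits and an overlap: with wildcard 0.0.0.255, the source and destination of each rule resolve to the same /24.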
synchronization anti-replay-interval (IPsec policy view/IPsec policy template view/IPsec profile view)
Use synchronization anti-replay-interval to set the inbound anti-replay window synchronization interval
and the outbound anti-replay sequence number synchronization interval.
Use undo synchronization anti-replay-interval to restore the defaults.
Syntax
synchronization anti-replay-interval inbound inbound-number outbound outbound-number
undo synchronization anti-replay-interval
Default
The inbound anti-replay window synchronization interval is 1000, and the outbound anti-replay
sequence number synchronization interval is 100000.
Views
IPsec policy view, IPsec policy template view, IPsec profile view