3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
[3Com-ipsec-policy-manual-tianjin-100] proposal prop_ah
[3Com-ipsec-policy-manual-tianjin-100] sa spi inbound ah 10000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key abcdef
[3Com-ipsec-policy-manual-tianjin-100] sa spi outbound ah 20000
[3Com-ipsec-policy-manual-tianjin-100] sa string-key efcdab
5.1.25 security acl
Syntax
security acl acl-number
undo security acl
View
IPSec policy view, IPSec policy template view
Parameter
acl-number: Specifies the number of the access control list used by the IPSec policy,
ranging from 3000 to 3999.
Description
Use the security acl command to set the access control list to be used by the IPSec
policy.
Use the undo security acl command to remove the access control list used by the
IPSec policy.
By default, no ACL is specified for an IPSec policy.
The ACL specified in this command defines the data flow that the IPSec policy
protects. According to the rules in the ACL, IPSec determines which packets need
security protection and which do not. A packet permitted by the access control list is
protected, and a packet denied by the access control list is not protected. Denied
packets are sent out directly without IPSec protection.
Related command: ipsec policy (system view), ipsec policy (interface view), tunnel
local, tunnel remote, sa duration, proposal.
Example
# Configure the IPSec policy to use access control list 3001.
[3Com] acl number 3001
[3Com-acl-adv-3001] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255
[3Com-acl-adv-3001] quit
[3Com] ipsec policy beijing 100 manual
[3Com-ipsec-policy-manual-beijing-100] security acl 3001
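
The permit/deny selection described above can be checked offline before the policy is applied, to see which flows would leave the router without IPSec protection. The following Python code is an added example, not part of the 3Com guide or the router software; the names wildcard_match, ipsec_decision and audit, the sample flows, and the handling of packets that match no rule are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

# ACL 3001 as configured in the example on this page: one TCP permit rule.
ACL_3001 = [
    {"action": "permit", "proto": "tcp",
     "src": ("10.1.1.1", "0.0.0.255"), "dst": ("10.1.1.2", "0.0.0.255")},
]

def ipsec_decision(acl, proto, src, dst):
    """Return 'protect' if the first matching rule is a permit, else 'cleartext'."""
    for rule in acl:
        # "ip" is treated here as matching any protocol (assumed keyword).
        if rule["proto"] not in (proto, "ip"):
            continue
        if wildcard_match(src, *rule["src"]) and wildcard_match(dst, *rule["dst"]):
            # permit -> protected by IPSec; deny -> sent out directly.
            return "protect" if rule["action"] == "permit" else "cleartext"
    # Assumption: a packet matching no rule is handled like a denied packet.
    return "cleartext"

# Constructed sample flows (protocol, source, destination), not captured traffic.
FLOWS = [
    ("tcp",  "10.1.1.7", "10.1.1.200"),   # inside both wildcard ranges
    ("udp",  "10.1.1.7", "10.1.1.200"),   # same hosts, but the rule is TCP only
    ("tcp",  "10.1.2.7", "10.1.1.200"),   # source outside 10.1.1.x
    ("icmp", "10.1.1.1", "10.1.1.2"),     # exact hosts, wrong protocol
]

def audit(acl, flows):
    """Pair every flow with the decision the ACL yields for it."""
    return [(flow, ipsec_decision(acl, *flow)) for flow in flows]

if __name__ == "__main__":
    for (proto, src, dst), verdict in audit(ACL_3001, FLOWS):
        print(f"{proto:5} {src:>10} -> {dst:<12} {verdict}")
```

Only the first flow is protected; the UDP and ICMP flows between the same hosts go out in cleartext, because the rule permits TCP only.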