F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
185
This method is much more explicit and flexible than the QoS implementation method of enabling packet
information pre-extraction on the IPsec tunnel interface, which requires applying a QoS policy to the
physical outbound interface.
To apply a QoS policy to an IPsec tunnel interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter tunnel interface
view.
interface tunnel number N/A
3. Apply a QoS policy to
the IPsec tunnel interface.
qos apply policy policy-name { inbound |
outbound }
For more information about
the command, see Network
Management Command
Reference.
209BConfiguring IPsec for IPv6 routing protocols
The following matrix shows the feature and hardware compatibility:
Hardware Feature com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A No
U200-S No
IMPORTANT:
Do not apply an IPsec policy used for an IPv6 routin
g
protocol to an interface. If you do so, the interface
w
ill drop all packets, because the IPsec policy references no ACL.
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Task Remarks
800H
Configuring an IPsec transform set Required.
801H
Configuring a manual IPsec policy
Required.
ACLs and IPsec tunnel addresses are not needed.
Applying an IPsec policy to an IPv6 routing
protocol
Required.
For information about how to configure IPsec for IPv6 BGP,
OSPFv3, and RIPng, see Network Management
Configuration Guide.
210BConfiguring IPsec stateful failover
In an IPsec stateful failover scenario, these restrictions apply: