R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101
security acl
Syntax
security acl acl-number [ aggregation ]
undo security acl
View
IPsec policy view, IPsec policy template view
Default level
2: System level
Parameters
acl-number: Number of the ACL for the IPsec policy to reference, in the range 3000 to 3999.
aggregation: Uses the aggregation data flow protection mode. If you do not specify this keyword, the standard mode is used.
Description
Use the security acl command to specify the ACL for the IPsec policy to reference.
Use the undo security acl command to remove the configuration.
By default, an IPsec policy references no ACL.
With an IKE-dependent IPsec policy configured, data flows can be protected in two modes:
• Standard mode, in which one tunnel protects one data flow. The data flow permitted by each ACL rule is protected by a separate tunnel established for that rule.
• Aggregation mode, in which one tunnel protects all data flows permitted by all the rules of the ACL.
When the two peers support both data flow protection modes, they must be configured to work in the same mode.
Related commands: ipsec policy (system view).
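The two protection modes differ only in how permitted ACL rules map onto tunnels. The following Python model, added here for illustration and not part of the command reference or the firewall software, parses ACL rule lines in the form the examples use, converts the address/wildcard pairs to CIDR, and shows how many tunnels each mode needs for the same ACL. It also applies the two configuration checks the reference states: the ACL number must be in 3000 to 3999, and both peers must use the same mode. Treating deny rules as "not protected" is an assumption; the reference's examples contain permit rules only.

```python
"""Model of the standard and aggregation data flow protection modes.

Added illustration of the behaviour documented for `security acl`; this is
not firewall code. Rule syntax follows the reference examples.
"""
import ipaddress
import re
from dataclasses import dataclass

# Documented range for ACLs an IPsec policy may reference.
ACL_MIN, ACL_MAX = 3000, 3999

# Advanced ACL rule form used in the reference examples:
#   rule [id] permit|deny <proto> source <addr> <wildcard> destination <addr> <wildcard>
RULE_RE = re.compile(
    r"^rule(?:\s+(\d+))?\s+(permit|deny)\s+(\S+)"
    r"\s+source\s+(\S+)\s+(\S+)\s+destination\s+(\S+)\s+(\S+)\s*$"
)


@dataclass(frozen=True)
class Flow:
    protocol: str
    source: str        # CIDR, e.g. "10.1.2.0/24"
    destination: str


def wildcard_to_cidr(addr: str, wildcard: str) -> str:
    """Convert ACL 'address wildcard' notation to CIDR.

    The wildcard is inverted into a netmask and host bits are dropped, so
    '10.1.2.1 0.0.0.255' becomes '10.1.2.0/24'. A non-contiguous wildcard
    has no CIDR form and is rejected.
    """
    netmask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    prefix = bin(netmask).count("1")
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"wildcard {wildcard} is not contiguous")
    network = int(ipaddress.IPv4Address(addr)) & netmask
    return str(ipaddress.IPv4Network((network, prefix)))


def parse_rule(line: str) -> tuple[str, Flow]:
    """Parse one ACL rule line into (action, Flow)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule syntax: {line!r}")
    _, action, proto, src, src_wc, dst, dst_wc = m.groups()
    return action, Flow(proto, wildcard_to_cidr(src, src_wc), wildcard_to_cidr(dst, dst_wc))


def protected_flows(rule_lines: list[str]) -> list[Flow]:
    """Flows the policy protects. Only permit rules select traffic; deny
    rules are skipped (assumption, see lead-in)."""
    return [flow for action, flow in map(parse_rule, rule_lines) if action == "permit"]


def tunnels_required(flows: list[Flow], aggregation: bool) -> list[frozenset[Flow]]:
    """Standard mode: a separate tunnel for each permitted flow.
    Aggregation mode: one tunnel carrying every permitted flow."""
    if not flows:
        return []
    if aggregation:
        return [frozenset(flows)]
    return [frozenset([flow]) for flow in flows]


def check_security_acl(acl_number: int, local_aggregation: bool,
                       peer_aggregation: bool) -> list[str]:
    """Checks stated in the reference: ACL number within 3000-3999, and both
    peers configured for the same data flow protection mode."""
    problems = []
    if not ACL_MIN <= acl_number <= ACL_MAX:
        problems.append(f"ACL {acl_number} is outside {ACL_MIN}-{ACL_MAX}")
    if local_aggregation != peer_aggregation:
        problems.append("peers use different data flow protection modes")
    return problems


# Constructed from the ACL 3002 rules shown in the reference examples.
ACL_3002 = [
    "rule 0 permit ip source 10.1.2.1 0.0.0.255 destination 10.1.2.2 0.0.0.255",
    "rule 1 permit ip source 10.1.3.1 0.0.0.255 destination 10.1.3.2 0.0.0.255",
]

if __name__ == "__main__":
    flows = protected_flows(ACL_3002)
    print("standard mode tunnels:   ", len(tunnels_required(flows, aggregation=False)))
    print("aggregation mode tunnels:", len(tunnels_required(flows, aggregation=True)))
    print("mode mismatch:", check_security_acl(3002, True, False))
```

Run against the two rules of ACL 3002, the model yields two tunnels in standard mode and one in aggregation mode, which is the operational difference a practitioner sees when counting SAs on the two peers.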
Examples
# Configure IPsec policy policy1 to reference ACL 3001.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Sysname-acl-adv-3001] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] security acl 3001
# Configure IPsec policy policy2 to reference ACL 3002, setting the data flow protection mode to aggregation.
<Sysname> system-view
[Sysname] acl number 3002
[Sysname-acl-adv-3002] rule 0 permit ip source 10.1.2.1 0.0.0.255 destination 10.1.2.2 0.0.0.255
[Sysname-acl-adv-3002] rule 1 permit ip source 10.1.3.1 0.0.0.255 destination 10.1.3.2 0.0.0.255
[Sysname] ipsec policy policy2 1 isakmp