R2511-HP MSR Router Series Security Configuration Guide(V5)
To configure a GDOI IPsec policy:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a GDOI IPsec policy entry and enter GDOI IPsec policy entry view. | ipsec policy policy-name seq-number gdoi | By default, no GDOI IPsec policy exists. For more information about this command, see Security Command Reference. |
| 3. Reference a GDOI GM group for the GDOI IPsec policy entry. | group group-name | By default, no GDOI GM group is referenced. You can reference only one GDOI GM group for a GDOI IPsec policy entry. For a GDOI IPsec policy entry to take effect, the referenced GDOI GM group must have correct KS addresses and group ID. |
| 4. Reference an ACL for the GDOI IPsec policy entry. | security acl acl-number | Optional. By default, no ACL is referenced. Typically, there is no need to reference an ACL unless you need to filter traffic. You can reference only one ACL for a GDOI IPsec policy entry. Use the permit rules of the ACL with caution because packets matching a permit rule are discarded. For more information about this command, see Security Command Reference. |
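
The following check is an added example, not part of this guide or of any HP tooling. It audits a saved configuration for GDOI IPsec policy entries that reference no GDOI GM group, or whose referenced ACL is undefined or contains permit rules (which, per the Remarks above, discard matching packets). The configuration layout, the names map1 and gm1, and the ACL numbers and addresses are constructed assumptions.

```python
import re
# Constructed sample; assumes headers at column 0 and indented sub-commands.
SAMPLE_CONFIG = """\
acl number 3001
 rule 0 permit ip source 10.1.1.0 0.0.0.255
 rule 5 deny ip source 10.1.2.0 0.0.0.255
#
ipsec policy map1 1 gdoi
 group gm1
 security acl 3001
#
ipsec policy map1 2 gdoi
 security acl 3002
#
"""

def parse_sections(config):
    """Map each column-0 command to the indented commands beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "#":
            current = None
        elif not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_gdoi_policies(config):
    """Return (policy entry, finding) pairs for GDOI IPsec policy entries."""
    sections, findings = parse_sections(config), []
    for header, body in sections.items():
        m = re.fullmatch(r"ipsec policy (\S+) (\d+) gdoi", header)
        if not m:
            continue
        entry = f"{m.group(1)} {m.group(2)}"
        if not any(cmd.startswith("group ") for cmd in body):
            findings.append((entry, "no GDOI GM group referenced"))
        for acl in re.findall(r"^security acl (\d+)$", "\n".join(body), re.M):
            rules = sections.get(f"acl number {acl}")
            if rules is None:
                findings.append((entry, f"ACL {acl} is not defined"))
                continue
            # Per the guide, packets matching a permit rule are discarded.
            findings += [(entry, f"ACL {acl} discards on: {r}")
                         for r in rules if re.match(r"rule( \d+)? permit\b", r)]
    return findings
```

Deny rules are deliberately not reported; only permit rules are flagged for review before the policy is applied to an interface.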
Applying a GDOI IPsec policy to an interface
After you apply a GDOI IPsec policy to an interface, the interface uses the group ID and KS addresses
in the GDOI GM group referenced by the policy to perform registration, and uses the local ACL and the
downloaded ACL for packet filtering and encryption.
To apply a GDOI IPsec policy to an interface:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |










