3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
DVPN Configuration 217
A Tunnel interface does not have a DVPN policy applied by default.
Configuring IPsec-encrypted data stream
Packets forwarded in a DVPN domain are processed by using the corresponding
ACL. The packets matching the ACL will be IPsec encrypted, while others will not.
Perform the following configuration in Tunnel interface view.
All packets that pass through the Tunnel interface are IPsec-encrypted by default.
Configuring a DVPN
class
After configuring parameters of a specified DVPN server used for clients to register
with the DVPN server in a DVPN class view (such as private IP address, public IP
address, and user name), you need to perform corresponding configuration on the
client side, as described in the following sections.
Creating a DVPN class and enter its view
You can create a DVPN class and enter its view, or remove an existing DVPN class
by performing the following operations. A DVPN class that is in use cannot be
removed.
Perform the following configuration in system view.
No DVPN class is configured by default.
Assigning a public IP address to a DVPN server
The IP address here refers to the fixed public IP address assigned to the DVPN
server.
Perform the following configuration in a DVPN class view.
Tab le 229 Configure/Remove the DVPN policy to be applied to the Tunnel interface
Operation Command
Configure the DVPN policy to be applied to
the Tunnel interface
dvpn policy dvpn-policy-name
Remove the DVPN policy applied to the
Tunnel interface
undo dvpn policy dvpn-policy-name
Tab le 230 Configure IPsec-encrypted data stream
Operation Command
Configure an ACL to specify packets that are
not IPsec-encrypted
dvpn security acl acl-number
Remove all configured ACLs undo dvpn security acl
Tab le 231 Create/Remove a DVPN class
Operation Command
Create and enter a DVPN class dvpn class dvpn-class-name
Remove a DVPN class view undo dvpn class dvpn-class-name