3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

394 CHAPTER 22: IPSEC CONFIGURATION COMMANDS

Use the undo security acl command to remove the access control list used by the

IPsec policy.

By default, no ACL has been specified for the IPsec policies.

The data flow that will be protected by the IPsec policy is confined by the ACL in

this command. According to the rules in the ACL, IPsec determines which packets

need security protection and which do not. The packet permitted by the access

control list will be protected, and a packet denied by the access control list will not

be protected. The denied packets are sent out directly without IPsec protection.

Related command: ipsec policy (system view), ipsec policy (interface view),

tunnel local, tunnel remote, sa duration, proposal.

Example

# Set the IPsec policy as using access control list 3001.

[SecBlade_VPN] acl number 3001

[SecBlade_VPN-acl-adv-3001] rule permit tcp source 10.1.1.1 0.0.0.255

destination 10.1.1.2 0.0.0.255

[SecBlade_VPN] ipsec policy beijing 100 manual

[SecBlade_VPN-ipsec-policy-manual-beijing-100] security acl 3001

time_out Syntax

time_out seconds

undo time_out

View

DPD structure view

Parameter

seconds: Time waiting for a DPD acknowledgement, in the range 1 to 60 seconds.

Description

Use the time_out command to configure the time waiting for a DPD

acknowledgement.

Use the undo time_out command to restore the default.

By default, the DPD acknowledgement timeout duration is 5 seconds.

Example

# Set time_out to two seconds.

[SecBlade_VPN-ike-dpd-aaa] time_out 2

# Reset time_out to five seconds.

[SecBlade_VPN-ike-dpd-aaa] undo time_out

transform Syntax

transform { ah | ah-esp | esp }