3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
396 CHAPTER 22: IPSEC CONFIGURATION COMMANDS
Related command: ah authentication-algorithm, ipsec proposal, esp
encryption-algorithm, esp authentication-algorithm, encapsulation-mode
and proposal.
Example
# Set a proposal using AH.
[SecBlade_VPN] ipsec proposal prop1
[SecBlade_VPN-ipsec-proposal-prop1] transform ah
tunnel local Syntax
tunnel local ip-address
undo tunnel local
View
Manually-established IPsec policy view
Parameter
ip-address: Local address in dotted decimal format.
Description
Use the tunnel local command to set the local address of an IPsec policy.
Use the undo tunnel local command to delete the local address set in the IPsec
policy.
By default, the local address of an IPsec policy is not configured.
It is not necessary to set a local address for an IPsec policy in isakmp mode, so this
command is invalid in this situation. IKE can automatically obtain the local address
from the interface where this IPsec policy is applied.
As for the IPsec policy in manual mode, it is necessary to set the local address
before the SA can be established. A security tunnel is set up between the local and
remote end, so the local address and remote address must be correctly configured
before a security tunnel can be set up.
Related command: ipsec policy (system view), ipsec policy (interface view),
security acl , tunnel remote, sa duration and proposal.
Example
# Set the local address for the IPsec policy, which is applied at
GigabitEthernet0/0.1 whose IP address is 10.0.0.1.
[SecBlade_VPN] ipsec policy guangzhou 100 manual
[SecBlade_VPN-ipsec-policy-manual-guangzhou-100] tunnel local 10.0.0.1
[SecBlade_VPN-ipsec-policy-manual-guangzhou-100] quit
[SecBlade_VPN] interface Ethernet 1/0/0
[SecBlade_VPN-Ethernet1/0/0] ipsec policy guangzhou
tunnel remote Syntax
tunnel remote ip-address