< Home

(Optional) Configuring ACL Delivery

Context

Only IKEv1 supports ACL delivery.

To facilitate configuration and maintenance of ACL information in the branch, upon receiving a request for ACL information, the headquarters device pushes ACL information to the branch after the first stage IKE SA is established. Branch traffic whose destination is not defined in the ACL will not pass through an IPSec tunnel.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ike peer peer-name

    An IKE peer is created and the IKE peer view is displayed.

  3. Run resource acl acl-number

    ACL information to be pushed by the headquarters device to the branch is configured.

    By default, no ACL information is pushed by the headquarters device to the branch.

    The acl-number parameter specifies an existing advanced ACL.

Parent Topic: Configuring IKE-CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >