< Home

(Optional) Configuring Rate Limiting for IPSec Tunnels

Context

In an MIB table, an IPSec tunnel index is the unique identifier of an IPSec tunnel. During IPSec tunnel establishment, the device generates an IPSec tunnel index mapping table to record IPSec tunnel index to IPSec tunnel mapping. In this mapping table, the device searches for the corresponding IPSec tunnel based on an IPSec tunnel index. However, when an IPSec tunnel is re-established, its IPSec tunnel index changes by default. As a result, the IPSec tunnel cannot be found based on its previous IPSec tunnel index. In this case, configure the device to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment. This configuration ensures that an IPSec tunnel can be found using its fixed IPSec tunnel index.

  • This function works only when devices on both ends use fixed IPv4 addresses and establish only one IPSec tunnel.

  • During IPSec tunnel re-establishment, this function allows the device to keep only the first 1024 IPSec tunnel indexes unchanged based on the sequence in which IPSec tunnels are re-established.
  • An IPSec tunnel index mapping table cannot be backed up, so this function does not work in active/standby scenarios.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipsec tunnel-index based remote-ip

    The device is configured to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.

    By default, the device is not configured to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.

Parent Topic: Using an ACL to Establish an IPSec Tunnel-CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >