(Optional) Configuring the Device to Keep IPSecTunnel Indexes Unchanged Based on the Peer IP Address During IPSecTunnel Re-establishment

Context

When multiple IPSec tunnels are established on the device (for example, a branch device), traffic conflict occurs if the data traffic is high. You can set the rate limit for each IPSec tunnel. Excess traffic is then discarded and traffic on each tunnel can be correctly transmitted.

When the headquarter establishes IPSec tunnels with multiple branches, traffic conflict occurs between one branch and other branches if the data traffic of the branch is high. You can set the rate limit for each IPSec tunnel. Excess traffic is then discarded and traffic on each tunnel can be correctly transmitted.

Procedure

Run system-view
The system view is displayed.
Create an IPSec policy or IPSec policy template.
- Run ipsec policy policy-name seq-number [ manual | isakmp ]
  An IPSec policy is created and the IPSec policy view is displayed.
- Run ipsec policy-template template-name seq-number
  An IPSec policy template is created and the IPSec policy template view is displayed.
Run speed-limit { inbound | outbound } speed-limit [ policy-based | sa-based ]
Rate limiting is configured for IPSec tunnels.

If a local interface will receive high-volume traffic over an IPSec tunnel, configure inbound to limit the incoming traffic. If the local interface will send high-volume traffic over an IPSec tunnel, configure outbound to limit the outgoing traffic.