
resource acl

Function

The resource acl command configures ACL information to be pushed by the headquarters device to the branch.

The undo resource acl command deletes ACL information pushed by the headquarters device to the branch.

By default, no ACL information is pushed by the headquarters device to the branch.

Format

resource acl acl-number

undo resource acl

Parameters

Parameter: acl-number

Description: Specifies the number of an advanced ACL.

Value: The value is an integer that ranges from 3000 to 3999.

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the headquarters and branch establish an IPSec tunnel in ACL mode, you need to configure an ACL to define the data flows to be protected by IPSec. To simplify configuration and maintenance of ACL information on the branch, run the resource acl command on the headquarters device to specify the ACL information that the headquarters device pushes to the branch. After the phase 1 IKE SA is established, the headquarters device pushes the ACL information to the branch once it receives the branch's request for it. Branch traffic whose destination is not defined in the ACL will not pass through the IPSec tunnel.

Prerequisites

An advanced ACL has been created.

Precautions

This command is only valid for IKEv1.

When creating the advanced ACL, run the rule command to add ACL rules. The subnet specified in each rule must be valid; otherwise, the gateway cannot successfully deliver the routing information.

Do not configure the following subnets in ACL rules:
  • Invalid IP addresses: 127 subnet (127.X.X.X), 224 and later subnets (for example, 224.X.X.X and 225.X.X.X), and subnets starting with 0 (0.X.X.X)
  • Invalid wildcards: inconsecutive binary wildcards (for example, 0.255.0.255)
  • Invalid IP addresses and wildcards: 0.0.0.0 0
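The following Python script is an added example, not Huawei's code, that checks ACL rule lines written in the syntax of the example below against the three restrictions above before the ACL is pushed to the branch. It assumes rules of the form "rule N permit ip source ADDRESS WILDCARD [destination ADDRESS WILDCARD]" and treats a bare "0" wildcard as 0.0.0.0; the sample rules are constructed for this example. The "inconsecutive wildcard" test generalises the 0.255.0.255 case on the page to any wildcard whose set bits are not one contiguous low-order run.

```python
"""Audit advanced ACL rules against the subnet/wildcard precautions.
Added example; not Huawei's code.  Rule syntax assumed as shown in the
command example: 'rule N permit ip source ADDR WILDCARD [destination ...]'."""
import ipaddress
import re
from typing import Dict, List

# Matches "source 10.1.1.0 0.0.0.255" or "destination 10.1.1.1 0".
_ADDR_RE = re.compile(
    r"\b(source|destination)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+(?:\.\d+){3}|\d+)\b"
)


def wildcard_to_int(wildcard: str) -> int:
    """Convert a dotted-quad wildcard (or the bare '0' shorthand) to an int."""
    if wildcard == "0":
        return 0  # assumed shorthand for 0.0.0.0 (exact host match)
    return int(ipaddress.IPv4Address(wildcard))


def check_subnet(address: str, wildcard: str) -> List[str]:
    """Return the precaution violations for one address/wildcard pair."""
    addr = int(ipaddress.IPv4Address(address))
    w = wildcard_to_int(wildcard)

    # The page lists the pair "0.0.0.0 0" as invalid on its own.
    if addr == 0 and w == 0:
        return ["address/wildcard pair 0.0.0.0 0"]

    problems = []
    first_octet = addr >> 24
    if first_octet == 127:
        problems.append("loopback subnet (127.X.X.X)")
    elif first_octet >= 224:
        problems.append("subnet 224.X.X.X or later (multicast/reserved)")
    elif first_octet == 0:
        problems.append("subnet starting with 0 (0.X.X.X)")

    # A wildcard is contiguous when its set bits form one run at the low
    # end (0...01...1), which holds exactly when w & (w + 1) == 0.
    # 0.0.0.255 passes; 0.255.0.255 does not.
    if w & (w + 1) != 0:
        problems.append(f"inconsecutive wildcard bits ({wildcard})")
    return problems


def check_rule(line: str) -> List[str]:
    """Check every source/destination pair found in one rule line."""
    problems = []
    for keyword, address, wildcard in _ADDR_RE.findall(line):
        for p in check_subnet(address, wildcard):
            problems.append(f"{keyword} {address} {wildcard}: {p}")
    return problems


def audit_acl(rules: List[str]) -> Dict[str, List[str]]:
    """Map each offending rule line to its problems; clean rules are omitted."""
    report: Dict[str, List[str]] = {}
    for line in rules:
        text = line.strip()
        found = check_rule(text)
        if found:
            report[text] = found
    return report


# Constructed sample rules: the first mirrors the page's example, the
# others each violate one of the listed restrictions, the last is clean.
SAMPLE_RULES = [
    "rule 5 permit ip source 10.1.1.0 0.0.0.255",
    "rule 10 permit ip source 127.0.0.0 0.255.255.255",
    "rule 15 permit ip source 224.0.0.0 0.0.0.255",
    "rule 20 permit ip source 10.0.0.0 0.255.0.255",
    "rule 25 permit ip source 0.0.0.0 0",
    "rule 30 permit ip source 10.1.2.1 0 destination 192.168.1.0 0.0.0.255",
]

if __name__ == "__main__":
    for rule, problems in audit_acl(SAMPLE_RULES).items():
        print(rule)
        for p in problems:
            print("   -", p)
```

Running the script on the constructed rules reports rules 10, 15, 20 and 25 and stays silent on 5 and 30; feeding it the output of `display acl` for the ACL referenced by resource acl gives a quick pre-push sanity check.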

Example

# Configure ACL information to be pushed by the headquarters device to the branch.

<sysname> system-view
[sysname] acl 3100
[sysname-acl-adv-3100] rule 5 permit ip source 10.1.1.0 0.0.0.255
[sysname-acl-adv-3100] quit
[sysname] ike peer huawei
[sysname-ike-peer-huawei] resource acl 3100
Copyright © Huawei Technologies Co., Ltd.