To Next Page

To Previous Page

769

Related commands

ip-tunnel access-route

Use ip-tunnel access-route to specify the routes to be issued to clients.

Use undo ip-tunnel access-route to restore the default.

Syntax

ip-tunnel access-route { ip-address { mask-length | mask } | force-all | ip-route-list list-name }

undo ip-tunnel access-route

Default

No routes to be issued to clients are specified.

Views

SSL VPN policy group view

Predefined user roles

network-admin

Parameters

ip-address { mask-length | mask }: Configures a route to be issued to a client. The ip-address

argument specifies the destination address of the route. It cannot be a multicast, broadcast, or

loopback address. The mask-length argument specifies the mask length of the route, in the range of

0 to 32.

force-all: Forces all traffic to be sent to the SSL VPN gateway.

ip-route-list list-name: Issues routes in the specified route list to a client. The list-name argument

specifies the route list name, a case-insensitive string of 1 to 31 characters. The specified route list

must have been created by the ip-route-list command.

Usage guidelines

When a client accesses an SSL VPN gateway in IP mode, the SSL VPN gateway issues the

configured route or the specified routes to the client. The client adds the routes, using the VNIC as

the output interface. Packets from the client to the internal servers match the routes, and therefore

are sent to the SSL VPN gateway through the VNIC.

After you execute the ip-tunnel access-route force-all command, the SSL VPN gateway issues a

default route to the SSL VPN client. The default route uses the VNIC as the output interface and has

the highest priority among all default routes on the client. Packets for destinations not in the routing

table are sent to the SSL VPN gateway through the VNIC. The SSL VPN gateway monitors the SSL

VPN client in real time. It does not allow the client to delete the default route or add a default route

with a higher priority.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In the view of policy group pg1, configure the SSL VPN gateway to issue routes in the route list

rtlist to a client.

<Sysname> system-view

[Sysname] sslvpn context ctx1

[Sysname-sslvpn-context-ctx1] ip-route-list rtlist

[Sysname-sslvpn-context-ctx1-route-list-rtlist] include 10.0.0.0 8

[Sysname-sslvpn-context-ctx1-route-list-rtlist] include 20.0.0.0 8

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS