To configure a manual IPsec policy: 
 
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a manual IPsec policy and enter its view.
  Command: ipsec policy policy-name seq-number manual
  Remarks: By default, no IPsec policy exists.

Step 3. Assign an ACL to the IPsec policy.
  Command: security acl acl-number
  Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols; required for other applications. By default, an IPsec policy references no ACL. An IPsec policy can reference only one ACL. If you specify multiple ACLs for an IPsec policy, only the last specified ACL takes effect.

Step 4. Assign an IPsec proposal to the IPsec policy.
  Command: proposal proposal-name
  Remarks: By default, an IPsec policy references no IPsec proposal. A manual IPsec policy can reference only one IPsec proposal. To change an IPsec proposal for an IPsec policy, you must remove the current reference first.

Step 5. Configure the two ends of the IPsec tunnel.
  Commands:
    •  Configure the local address of the tunnel: tunnel local ip-address
    •  Configure the remote address of the tunnel: tunnel remote ip-address
  Remarks: Configuring the local address of the tunnel is not needed for IPsec policies to be applied to IPv6 routing protocols; it is required for other applications. Configuring the remote address of the tunnel is required. By default, neither the local nor the remote address is configured.

Step 6. Configure an SPI for an SA.
  Command: sa spi { inbound | outbound } { ah | esp } spi-number
  Remarks: By default, no SPI is configured for an SA.
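
A lint for a draft command script, checking it against the constraints in the Remarks above before it is applied (added example, not part of the manual). The script text, policy names, ACL numbers, addresses and SPI values are constructed; treating an ACL reference as the sign that a local address is needed, and expecting an SPI in both directions, are assumptions of this example.

```python
import re

# Constructed draft script (not from the manual): names, ACL numbers,
# addresses and SPIs are placeholders.
SAMPLE = """\
ipsec policy branch 10 manual
 security acl 3100
 security acl 3101
 proposal prop1
 tunnel local 192.0.2.1
 sa spi inbound esp 12345
#
ipsec policy ospfv3 20 manual
 proposal prop2
 tunnel remote 2001:db8::2
 sa spi inbound esp 54321
 sa spi outbound esp 54321
"""
HEADER = re.compile(r"^ipsec policy (\S+) (\d+) manual\s*$")

def parse_policies(text):
    """Return {(name, seq): [indented command lines]} per manual policy."""
    policies, current = {}, None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = policies.setdefault((m.group(1), int(m.group(2))), [])
        elif not raw.startswith(" "):
            current = None            # '#' or any top-level line leaves the view
        elif current is not None:
            current.append(raw.strip())
    return policies

def audit(lines):
    """Check one policy's commands against the constraints in the table."""
    has = lambda prefix: any(l.startswith(prefix) for l in lines)
    acls = [l.split()[2] for l in lines if l.startswith("security acl ")]
    last_acl = acls[-1] if acls else None
    # Assumption: a policy that references an ACL is not for an IPv6
    # routing protocol, so the local tunnel address is required as well.
    checks = [
        (len(acls) > 1, f"multiple ACLs: only {last_acl} takes effect"),
        (not has("proposal "), "no IPsec proposal referenced"),
        (not has("tunnel remote "), "tunnel remote address missing"),
        (bool(acls) and not has("tunnel local "), "tunnel local address missing"),
        (not has("sa spi inbound "), "no inbound SPI"),
        (not has("sa spi outbound "), "no outbound SPI"),
    ]
    return [msg for failed, msg in checks if failed]
```

Run `audit()` on each value returned by `parse_policies()`; an empty list means the policy block passed every check.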