FAQ- The requirement of interested flow acl when usg configures ipsec

Publication Date:  2012-09-13 Views:  245 Downloads:  0
Issue Description
The configuration of interested flow acl is necessary when configure ipsec on usg, the requirement of configuration as bellow:
1、 suggest acl regulation configured on two-ends is the mirror for each other. Configure to mirror is not necessary, configure to mirror is more simple and not easier to make mistakes in practices application.
2、 Commonly, there is no problem exist if the boundary of acl regulation configured on initiator is smaller than responder’s. for IKEv2, acl regulation from both sides takes intersection.
Alarm Information
NULL
Handling Process
NULL
Root Cause
Interface G0/0/0 is management interface, not service interface, other functions of G0/0/0 are:
1、 implement out-of-band management connected with third-party management server.
2、 Act as heartbeat interface when topology for two-node cluster hot backup.
Suggestions
NULL

END