AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
security acl

Function

The security acl command references an ACL.

The undo security acl command cancels the configuration.

By default, no ACL is referenced.

Format

security acl acl-number [ dynamic-source ]

undo security acl

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the number of an ACL. | An integer ranging from 3000 to 3999. |
| dynamic-source | Indicates that the IP address of the applied interface in the IPSec policy replaces the source IP address in its referenced ACL. This parameter is only valid in IPSec policy view. | - |

Views

Manual IPSec policy view, IPSec policy view, IPSec policy template view, Efficient VPN policy view, GDOI policy view

Default Level

2: Configuration level

Usage Guidelines

The security acl command references an ACL that defines data flows to be protected by IPSec. In practice, you need to configure an ACL to define data flows to be protected and apply the ACL to an IPSec policy to protect the data flows.

When the ACL to be referenced is difficult to configure in advance and the branch subnet uses the translated dynamic dialup address to connect to the headquarters network through IPSec, specify dynamic-source to use the IP address of the outbound interface in the IPSec policy to replace the source IP address in its referenced ACL. The subnet mask uses 32 bits.

Example

# Reference ACL 3100 in a manually created IPSec policy.

<Huawei> system-view
[Huawei] acl number 3100
[Huawei-acl-adv-3100] rule permit tcp source 10.1.1.1 0.0.0.0 destination 10.1.1.2 0.0.0.0
[Huawei-acl-adv-3100] quit
[Huawei] ipsec policy policy1 100 manual
[Huawei-ipsec-policy-manual-policy1-100] security acl 3100

# Reference ACL 3101 in an IPSec policy, and replace the source IP address in its referenced ACL with the IP address of the applied interface in the IPSec policy.

<Huawei> system-view
[Huawei] acl number 3101
[Huawei-acl-adv-3101] rule permit ip destination 10.1.1.2 0.0.0.0
[Huawei-acl-adv-3101] quit
[Huawei] ipsec policy policy1 10 isakmp
[Huawei-ipsec-policy-isakmp-policy1-10] security acl 3101 dynamic-source

# Reference ACL 3101 in an Efficient VPN policy.

<Huawei> system-view
[Huawei] acl number 3101
[Huawei-acl-adv-3101] rule permit tcp source 10.1.1.1 0.0.0.0 destination 10.1.1.2 0.0.0.0
[Huawei-acl-adv-3101] quit
[Huawei] ipsec efficient-vpn name mode network
[Huawei-ipsec-efficient-vpn-name] security acl 3101

# Reference ACL 3101 in a GDOI policy.

<Huawei> system-view
[Huawei] acl number 3101
[Huawei-acl-adv-3101] rule permit ip destination 10.1.1.2 0.0.0.0
[Huawei-acl-adv-3101] quit
[Huawei] ipsec policy policy1 10 gdoi
[Huawei-ipsec-policy-gdoi-policy1-10] security acl 3101
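
The following Python check is an added example, not part of Huawei's documentation. It audits security acl references in a constructed configuration against the rules stated above (ACL number 3000 to 3999, dynamic-source only in IPSec policy view) and computes the flows each policy would protect, including the 32-bit source substitution. Assumptions: the indented configuration layout, treating the isakmp policy as the IPSec policy view, ignoring dynamic-source where it is flagged, and the interface address passed in by the caller.

```python
import ipaddress

# Constructed sample, modelled on this page's commands (not device output).
SAMPLE = """\
acl number 3100
 rule permit tcp source 10.1.1.1 0.0.0.0 destination 10.1.1.2 0.0.0.0
acl number 3101
 rule permit ip destination 10.1.1.2 0.0.0.0
ipsec policy policy1 10 isakmp
 security acl 3101 dynamic-source
ipsec policy policy2 100 manual
 security acl 3100 dynamic-source
ipsec policy policy3 10 gdoi
 security acl 2999
"""

def sections(config):
    """Group indented lines (as word lists) under their unindented header."""
    out = []
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            out.append((line.split(), []))
        elif out:
            out[-1][1].append(line.split())
    return out

def selector(rule, keyword):
    """Network after 'source'/'destination'; ACL wildcard masks are inverted."""
    if keyword not in rule:
        return ipaddress.ip_network("0.0.0.0/0")  # no clause means any address
    i = rule.index(keyword)
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(rule[i + 2])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{rule[i + 1]}/{mask}", strict=False)

def audit(config, interface_ip):  # returns (findings, flows per policy)
    secs = sections(config)
    acls = {int(h[2]): body for h, body in secs if h[:2] == ["acl", "number"]}
    findings, flows = [], {}
    for head, body in secs:
        for words in (w for w in body if w[:2] == ["security", "acl"]):
            name, num, dyn = " ".join(head), int(words[2]), "dynamic-source" in words
            if not 3000 <= num <= 3999:
                findings.append(f"{name}: ACL {num} is outside 3000-3999")
            if dyn and head[-1] != "isakmp":  # assumed marker of IPSec policy view
                findings.append(f"{name}: dynamic-source outside IPSec policy view")
                dyn = False  # modelling choice: ignore the keyword where flagged
            local = ipaddress.ip_network(f"{interface_ip}/32")  # 32-bit mask per page
            flows[name] = [(local if dyn else selector(r, "source"), selector(r, "destination"))
                           for r in acls.get(num, []) if r[0] == "rule"]
    return findings, flows
```

Calling audit(SAMPLE, "203.0.113.7") shows that ACL 3101, which has no source clause and would otherwise match any source, is narrowed to the single interface address once dynamic-source applies.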
Updated: 2019-05-29

Document ID: EDOC1000097293
