(Optional) Configuring ACL Delivery
Context
Efficient VPN uses the client/server model. It concentrates IPSec and other configurations on the Efficient VPN server (headquarters gateway). When basic parameters for establishing an SA are configured on the remote devices (branch gateways), the remote devices initiate a negotiation and establish an IPSec tunnel with the server. After IPSec tunnels are established, the Efficient VPN server allocates other IPSec attributes and network resources to the remote devices. Efficient VPN simplifies configurations and maintenance of IPSec and network resources for the branches.
The Efficient VPN server delivers headquarters network information defined in an ACL to the remote device. The ACL defines the headquarters subnets that branches can access. Traffic not destined for the subnets specified in the ACL is directly forwarded to the Internet. Such traffic does not pass through the IPSec tunnel.
Procedure
- Run system-view
The system view is displayed.
- Run ike peer peer-name
An IKE peer is created and the IKE peer view is displayed.
- Run resource acl acl-number
An ACL is created to define subnet information about the headquarters in the Efficient VPN.
By default, no ACL is created to define subnet information about the headquarters in the Efficient VPN.
acl-number must identify an advanced ACL (the rules in it describe the headquarters subnets that are delivered to the branch).
The total number of ACL rules pushed by the headquarters plus the ACL rules configured locally on the branch cannot exceed 512. If the total exceeds 512, the IPSec tunnels cannot be established.
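The following is an added, end-to-end example of the procedure above on the Efficient VPN server; it is not a configuration taken from this page or from a Huawei product guide. The ACL number 3000, the IKE peer name branch1, and the headquarters subnets 10.1.0.0/16 and 10.2.0.0/16 are constructed values, and the rule syntax used to populate the advanced ACL is assumed to be the standard VRP advanced ACL syntax (the page only specifies the resource acl command itself).

```text
# Enter the system view (step 1 of the procedure).
system-view

# Create the advanced ACL that describes the headquarters subnets.
# Constructed example: two headquarters subnets; branches reach only these
# through the IPSec tunnel, everything else is sent to the Internet directly.
# Keep the rule count small: pushed rules + branch-local rules must stay <= 512.
acl number 3000
 rule 5 permit ip destination 10.1.0.0 0.0.255.255
 rule 10 permit ip destination 10.2.0.0 0.0.255.255
quit

# Create the IKE peer for the branch (step 2) and bind the ACL to it (step 3).
# The server delivers the subnets defined in ACL 3000 to this remote device
# after the IPSec tunnel is established.
ike peer branch1
 resource acl 3000
quit
```

When verifying the result, count the rules in ACL 3000 together with any ACL rules already present on the branch gateway; if the sum would exceed 512, trim the headquarters ACL (for example by aggregating adjacent subnets into one rule) before expecting the tunnel to come up.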