(Optional) Configuring ACL Delivery

Enterprise

Worldwide

Huawei Global - English

- South Africa - English
- Morocco - English
- Brazil - Português
- Mexico - Español
- United Arab Emirates - English
- Saudi Arabia - English
- Australia - English
- China - 简体中文
- Hong Kong, China - English
- India - English
- Japan - 日本語
- South Korea- English
- Kazakhstan - русский
- Malaysia - English
- Singapore - English
- Indonesia - English
- Thailand - English
- Philippines - English
- Austria - Deutsch
- Czech - English
- France - Français
- Germany - Deutsch
- Greece - English
- Hungary- English
- Italy - Italiano
- Poland - English
- Sweden - English
- Russia - русский
- Spain - Español
- Turkey - Türkçe
- United Kingdom - English
- Ukraine - English

Menu
Products and Services
Industries
Technical Support
Partners
Community

Most people search for
Switches Routers Servers Storage Data Center Energy Cloud Computing

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010 CLI-based Configuration Guide - VPN

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

(Optional) Configuring ACL Delivery

Context

Only IKEv1 supports ACL delivery.

Efficient VPN uses the client/server model. It concentrates IPSec and other configurations on the Efficient VPN server (headquarters gateway). When basic parameters for establishing an SA are configured on the remote devices (branch gateways), the remote devices initiate a negotiation and establish an IPSec tunnel with the server. After IPSec tunnels are established, the Efficient VPN server allocates other IPSec attributes and network resources to the remote devices. Efficient VPN simplifies configurations and maintenance of IPSec and network resources for the branches.

The Efficient VPN server delivers headquarters network information defined in an ACL to the remote device. The ACL defines the headquarters subnets that branches can access. Traffic not destined for the subnets specified in the ACL is directly forwarded to the Internet. Such traffic does not pass through the IPSec tunnel.

Procedure

Run system-view
The system view is displayed.
Run ike peer peer-name
An IKE peer is created and the IKE peer view is displayed.
Run resource acl acl-number
An ACL is created to define subnet information about the headquarters in the Efficient VPN.

By default, no ACL is created to define subnet information about the headquarters in the Efficient VPN.

acl-number is an advanced ACL.

The sum of ACL rules pushed by the headquarters and ACL rules configured on the branch cannot exceed 512. Otherwise, the IPSec tunnels cannot be established.

Follow-up Procedure

Configure an Efficient VPN policy and reference the IKE peer on the Efficient VPN server to implement ACL delivery.

Translation

简体中文

Download

Updated: 2022-05-16

Document ID: EDOC1100033725

Downloads: 1012

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode