No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring ACL Delivery

(Optional) Configuring ACL Delivery


Only IKEv1 supports ACL delivery.

Efficient VPN uses the client/server model. It concentrates IPSec and other configurations on the Efficient VPN server (headquarters gateway). When basic parameters for establishing an SA are configured on the remote devices (branch gateways), the remote devices initiate a negotiation and establish an IPSec tunnel with the server. After IPSec tunnels are established, the Efficient VPN server allocates other IPSec attributes and network resources to the remote devices. Efficient VPN simplifies configurations and maintenance of IPSec and network resources for the branches.

The Efficient VPN server delivers headquarters network information defined in an ACL to the remote device. The ACL defines the headquarters subnets that branches can access. Traffic not destined for the subnets specified in the ACL is directly forwarded to the Internet. Such traffic does not pass through the IPSec tunnel.


  1. Run system-view

    The system view is displayed.

  2. Run ike peer peer-name

    An IKE peer is created and the IKE peer view is displayed.

  3. Run resource acl acl-number

    An ACL is created to define subnet information about the headquarters in the Efficient VPN.

    By default, no ACL is created to define subnet information about the headquarters in the Efficient VPN.

    acl-number is an advanced ACL.

    The sum of ACL rules pushed by the headquarters and ACL rules configured on the branch cannot exceed 512. Otherwise, the IPSec tunnels cannot be established.

Follow-up Procedure

Configure an Efficient VPN policy and reference the IKE peer on the Efficient VPN server to implement ACL delivery.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 151140

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next