ipsec tunnel-index based remote-ip
Function
The ipsec tunnel-index based remote-ip command configures the device to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.
The undo ipsec tunnel-index based remote-ip command disables the device from keeping IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.
By default, the device is not configured to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.
Usage Guidelines
Usage Scenario
In an MIB table, an IPSec tunnel index is the unique identifier of an IPSec tunnel. During IPSec tunnel establishment, the device generates an IPSec tunnel index mapping table to record IPSec tunnel index to IPSec tunnel mapping. In this mapping table, the device searches for the corresponding IPSec tunnel based on an IPSec tunnel index. However, when an IPSec tunnel is re-established, its IPSec tunnel index changes by default. As a result, the IPSec tunnel cannot be found based on its previous IPSec tunnel index. To ensure that the IPSec tunnel can be found using its fixed IPSec tunnel index, run the ipsec tunnel-index based remote-ip command.
Precautions
- This function works only when devices on both ends use fixed IPv4 addresses and establish only one IPSec tunnel.
- During IPSec tunnel re-establishment, this function allows the device to keep only the first 1024 IPSec tunnel indexes unchanged based on the sequence in which IPSec tunnels are re-established.
- An IPSec tunnel index mapping table cannot be backed up, so this function does not work in an active/standby switchover scenario.
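The following added example, which is not part of the original command reference or any vendor tool, shows the monitoring-side effect described under Usage Scenario: it compares two polls of the tunnel table and reports which peers kept their tunnel index, which were re-indexed after re-establishment, and which cannot be tracked by peer IP because more than one tunnel exists to the same peer. The snapshot format (tunnel index mapped to peer IPv4 address), the function name and the sample values are assumptions constructed for illustration; how the snapshots are read from the MIB is out of scope.

```python
from ipaddress import IPv4Address

# Constructed sample polls: {tunnel_index: peer_ip}. Addresses are documentation ranges.
BEFORE = {101: "192.0.2.1", 102: "192.0.2.2", 103: "198.51.100.7",
          104: "203.0.113.9", 105: "203.0.113.9"}
AFTER = {101: "192.0.2.1", 230: "192.0.2.2", 231: "203.0.113.9",
         232: "203.0.113.9", 233: "198.51.100.20"}


def _by_peer(snapshot):
    """Invert {index: peer_ip} into {peer_ip: [indexes]}."""
    peers = {}
    for index, ip in snapshot.items():
        peers.setdefault(IPv4Address(ip), []).append(index)
    return peers


def reconcile(before, after):
    """Classify each peer by what happened to its tunnel index between polls."""
    old, new = _by_peer(before), _by_peer(after)
    report = {"stable": [], "reindexed": [], "down": [], "new": [], "ambiguous": []}
    for peer in sorted(old.keys() | new.keys()):
        o, n = old.get(peer, []), new.get(peer, [])
        if len(o) > 1 or len(n) > 1:
            # More than one tunnel to this peer: the peer IP does not identify
            # a single tunnel, matching the "only one IPSec tunnel" precaution.
            report["ambiguous"].append(str(peer))
        elif not n:
            report["down"].append(str(peer))
        elif not o:
            report["new"].append(str(peer))
        elif o[0] == n[0]:
            report["stable"].append(str(peer))
        else:
            # Same peer, different index: anything keyed on the old index
            # (graphs, alarms, audit history) no longer finds this tunnel.
            report["reindexed"].append((str(peer), o[0], n[0]))
    return report


if __name__ == "__main__":
    for status, entries in reconcile(BEFORE, AFTER).items():
        print(f"{status}: {entries}")
```

A non-empty "reindexed" list means index-keyed monitoring has lost continuity for those tunnels.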