The sa binding vpn-instance command binds a VPN instance to an IPSec tunnel.
The undo sa binding vpn-instance command unbinds a VPN instance from an IPSec tunnel.
By default, no VPN instance is bound to an IPSec tunnel.
Parameter |
Description |
Value |
|---|---|---|
vpn-instance-name |
Specifies the name of the VPN instance bound to an IPSec tunnel. |
The value is an existing VPN instance name. |
Applicable environment
On an VPN with small VPN sites, if CEs and PEs are connected through the Internet but not leased lines, hosts connected to a CE can access resources on another VPN site only through the insecure Internet. To enhance access security, these hosts can connect to the backbone network of the VPN through an IPSec tunnel.
This command specifies the VPN that the remote end of the IPSec tunnel belongs to. The tunnel initiator then can obtain the outbound interface and send packets through the outbound interface.
Prerequisites
A VPN instance has been created using the ip vpn-instance command.
A route distinguisher (RD) for the VPN instance has been configured using the route-distinguisher command.
# Bind the VPN instance vpna to the Efficient VPN policy evpn.
<HUAWEI> system-view [HUAWEI] ip vpn-instance vpna [HUAWEI-vpn-instance-vpna] ipv4-family [HUAWEI-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1 [HUAWEI-vpn-instance-vpna-af-ipv4] vpn-target 100:100 [HUAWEI-vpn-instance-vpna-af-ipv4] quit [HUAWEI-vpn-instance-vpna] quit [HUAWEI] ipsec efficient-vpn evpn mode client [HUAWEI-ipsec-efficient-vpn-evpn] sa binding vpn-instance vpna