security acl

Function

The security acl command specifies an ACL to be referenced in an IPSec policy or IPSec policy template.

The undo security acl command cancels the configuration.

By default, an IPSec policy or IPSec policy template does not reference an ACL.

Format

security acl acl-number

undo security acl

Parameters

Parameter	Description	Value
acl-number	Specifies the number of an ACL.	The value is an integer that ranges from 3000 to 3999.

Views

Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The security acl command references an ACL that defines data flows to be protected by IPSec. In practice, you need to configure rules in an ACL to define data flows to be protected and apply the ACL to an IPSec policy to protect the data flows.

When an IPSec policy is created using an IPSec policy template, you can determine whether to define data flows to be protected by IPSec on the responder.

If data flows to be protected by IPSec are not specified on the responder, the responder accepts the range of data flows to be protected by IPSec defined on the initiator.
If data flows to be protected by IPSec are specified on the responder, the configuration on the responder must mirror that on the initiator or the range of protected data flows on the responder must contain the range of protected data flows on the initiator.

Precautions

To reference an ACL in an IPSec policy, ensure that rules must be configured in this ACL view and the number of rules configured in this ACL view does not exceed 32. Otherwise, this ACL cannot be referenced in this IPSec policy.

Example

# Reference ACL 3101 in an Efficient VPN policy.

<HUAWEI> system-view
[HUAWEI] acl number 3101
[HUAWEI-acl-adv-3101] rule permit tcp source 10.1.1.1 0.0.0.0 destination 10.1.1.2 0.0.0.0
[HUAWEI-acl-adv-3101] quit
[HUAWEI] ipsec efficient-vpn name mode network
[HUAWEI-ipsec-efficient-vpn-name] security acl 3101