< Home

tunnel local

Function

The tunnel local command specifies the local address of an IPSec tunnel.

The undo tunnel local command cancels the configuration.

By default, no local IP address is configured for the IPSec tunnel.

Format

tunnel local { ipv4-address | applied-interface }

undo tunnel local

Parameters

Parameter Description Value
ipv4-address Specifies an IPv4 address for the local end of an IPSec tunnel. The value is in dotted decimal notation.
applied-interface Indicates the primary IP address of the IPSec-enabled interface is used as the local address of an IPSec tunnel. -

Views

Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

You can run this command to specify a start point for an IPSec tunnel.

You do not need to configure an IP address for the local end of an IPSec tunnel. During SA negotiation, the device will select a proper address based on route information. The local address needs to be configured in the following situations:
  • If the IP address of the interface to which an IPSec policy is applied varies or is unknown, run the tunnel local ipv4-address command to specify the IP address of another interface (such as the loopback interface) on the device as the IP address for the local end of an IPSec tunnel. Otherwise, run the tunnel local applied-interface command to specify the IP address of the interface to which an IPSec policy is applied as the local address of an IPSec tunnel.
  • If the interface to which an IPSec policy is applied has multiple IP addresses (one primary IP address and several secondary IP addresses), run the tunnel local ipv4-address command to specify one of these IP addresses as the IP address for the local end of an IPSec tunnel. Otherwise, run the tunnel local applied-interface command to specify the primary IP address of the interface as the local address of an IPSec tunnel.
  • If equal-cost routes exist between the local and remote ends, run the tunnel local command to specify a local IP address for an IPSec tunnel.

Example

# Set the primary IP address of the interface to which the Efficient VPN policy in IKE negotiation mode is applied as the local IP address of the IPSec tunnel.
<HUAWEI> system-view
[HUAWEI] ipsec efficient-vpn name mode network
[HUAWEI-ipsec-efficient-vpn-name] tunnel local applied-interface
Parent Topic: IPSec Configuration Commands (IPSec Efficient VPN)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic