Feature restrictions and guidelines

ACLs for IPsec take effect only on traffic that is generated by the device and traffic that is destined for the device. They do not take effect on traffic forwarded through the device. For example, an ACL-based IPsec tunnel can protect log messages the device sends to a log server, but it cannot protect all the data flows and voice flows that are forwarded by the device. For more information about configuring an ACL for IPsec, see "Configuring an ACL."

Typically, IKE uses UDP port 500 for negotiation, and AH and ESP use IP protocol numbers 51 and 50, respectively. Make sure that traffic of these protocols is not denied (for example, by a packet filter applied to the interface) on the interfaces where IKE or IPsec is configured; otherwise, the tunnel cannot be negotiated or established.
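As an added illustration (not from the original document), the following Comware-style configuration shows an advanced ACL that explicitly permits IKE (UDP 500), ESP (protocol 50), and AH (protocol 51) before a final deny rule, and then applies it as an inbound packet filter. The ACL number 3000 and the interface name are placeholders; adapt them to your device.

```text
acl advanced 3000
 rule 0 permit udp destination-port eq 500
 rule 5 permit 50
 rule 10 permit 51
 rule 15 deny ip
#
interface GigabitEthernet1/0/1
 packet-filter 3000 inbound
```

If NAT traversal is in use, IKE and ESP are additionally encapsulated in UDP port 4500, which must then be permitted in the same way.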