Enabling ACL checking for de-encapsulated packets

This feature uses the ACL in the IPsec policy to match the IP packets that are de-encapsulated from incoming IPsec packets in tunnel mode, and it discards the IP packets that fail to match the ACL to avoid attacks using forged packets.

To enable ACL checking for de-encapsulated packets:

Step                                                  Command                      Remarks
1. Enter system view.                                 system-view                  N/A
2. Enable ACL checking for de-encapsulated packets.   ipsec decrypt-check enable   By default, this feature is enabled.
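The check described above can be modelled in a few lines: once an inbound tunnel-mode packet has been de-encapsulated, the inner IP header is matched against the ACL of the IPsec policy, and a packet that matches no permit rule is dropped rather than forwarded. The following is an added illustration of that logic, written for this page; it is not device code, and the ACL rules, addresses and function names (`acl_match`, `decrypt_check`) are constructed assumptions. The ACL is written here as the inbound (remote-to-local) view of the protected traffic.

```python
"""Model of ACL checking for de-encapsulated IPsec packets (hypothetical,
not the device's implementation)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    action: str   # "permit" or "deny"
    src: str      # source prefix in CIDR form
    dst: str      # destination prefix in CIDR form


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def acl_match(acl, pkt):
    """First-match ACL lookup. Returns True only if the matching rule is a
    permit; a packet that matches no rule is treated as not permitted, since
    the policy ACL only defines the traffic the tunnel is meant to carry."""
    s = ipaddress.ip_address(pkt.src)
    d = ipaddress.ip_address(pkt.dst)
    for rule in acl:
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule.action == "permit"
    return False


def decrypt_check(acl, inner, enabled=True):
    """Decide the fate of an inner packet recovered from an inbound tunnel.
    With the check enabled, the inner packet must match the policy ACL;
    with it disabled, whatever the peer tunnelled is forwarded."""
    if not enabled:
        return "forward"
    return "forward" if acl_match(acl, inner) else "drop"


# Constructed sample policy: the tunnel protects 10.2.0.0/16 -> 10.1.0.0/16
# in the inbound direction (assumed addresses, not from any real deployment).
POLICY_ACL = (
    AclRule("permit", "10.2.0.0/16", "10.1.0.0/16"),
)


def run_demo():
    """Return the decision for a legitimate inner packet, for an inner packet
    whose source lies outside the negotiated selector, and for that same
    packet when the check is switched off."""
    legit = Packet("10.2.1.5", "10.1.0.9")
    outside_selector = Packet("192.0.2.7", "10.1.0.9")   # constructed sample
    return {
        "legit": decrypt_check(POLICY_ACL, legit),
        "outside_selector": decrypt_check(POLICY_ACL, outside_selector),
        "outside_selector_check_disabled": decrypt_check(
            POLICY_ACL, outside_selector, enabled=False),
    }


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name}: {decision}")
```

The third result is the one the default setting exists to prevent: with the check disabled, a packet that the peer wrapped in a valid tunnel but that falls outside the protected traffic is still forwarded into the local network.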