Mirror image acls – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Figure 904 ACL 3001 configuration on Device B
Figure 905 IPsec policy configuration on Device B
Mirror image ACLs
To make sure that SAs can be set up and that traffic protected by IPsec locally can be processed correctly
at the remote peer, create on the remote peer a mirror image ACL rule for each ACL rule created at the
local peer. As shown in the figure below, ACL rules on Device B are mirror images of the rules on Device A.
This ensures that SAs can be created successfully for the traffic between Host A and Host C and the traffic
between Network 1 and Network 2.
Figure 906 Mirror image ACLs
[Figure: Network 1 (1.1.1.0/24) and Network 2 (2.2.2.0/24) connected across an IP network through Device A (GE0/1) and Device B (GE0/2). Hosts shown: Host A (1.1.1.1), Host B, Host C (2.2.2.2), Host D.]
Mirror image ACLs at Device A GE0/1 and Device B GE0/2:
ACL1: rule permit 1.1.1.1 -> 2.2.2.2
ACL2: rule permit 1.1.1.0/24 -> 2.2.2.0/24
ACL1: rule permit 2.2.2.2 -> 1.1.1.1
ACL2: rule permit 2.2.2.0/24 -> 1.1.1.0/24
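The mirror-image requirement can be checked before an IPsec policy is deployed. The following is an added example, not part of the H3C manual: it audits two peers' rule sets written in the figure's shorthand (an assumed input format, not device CLI syntax), and the names `parse_rule`, `audit_mirror` and the sample lists are hypothetical.

```python
import ipaddress
import re

# Shorthand from Figure 906: "rule permit <src> -> <dst>" (assumed input format).
# A bare address is treated as a /32 host.
RULE_RE = re.compile(r"rule\s+permit\s+(\S+)\s*->\s*(\S+)")

def parse_rule(text):
    """Return (source, destination) as ip_network objects; reject bad prefixes."""
    m = RULE_RE.search(text)
    if m is None:
        raise ValueError(f"unrecognised rule: {text!r}")
    # strict=True raises ValueError on prefixes with host bits set (e.g. 1.1.1.1/24)
    return tuple(ipaddress.ip_network(part, strict=True) for part in m.groups())

def fmt(rule):
    return f"rule permit {rule[0]} -> {rule[1]}"

def audit_mirror(local_rules, remote_rules):
    """Return (missing, extra).

    missing: mirror rules the remote peer needs but does not have.
    extra:   remote rules that are not the exact mirror of any local rule.
    """
    local = {parse_rule(r) for r in local_rules}
    remote = {parse_rule(r) for r in remote_rules}
    expected = {(dst, src) for src, dst in local}  # swap source and destination
    missing = [fmt(r) for r in sorted(expected - remote)]
    extra = [fmt(r) for r in sorted(remote - expected)]
    return missing, extra

# Rule pairs taken from Figure 906.
LOCAL_RULES = ["ACL1: rule permit 1.1.1.1 -> 2.2.2.2",
               "ACL2: rule permit 1.1.1.0/24 -> 2.2.2.0/24"]
REMOTE_RULES = ["ACL1: rule permit 2.2.2.2 -> 1.1.1.1",
                "ACL2: rule permit 2.2.2.0/24 -> 1.1.1.0/24"]
# Constructed misconfiguration: the remote host rule was widened to the whole subnet.
REMOTE_TOO_BROAD = ["ACL1: rule permit 2.2.2.0/24 -> 1.1.1.1",
                    "ACL2: rule permit 2.2.2.0/24 -> 1.1.1.0/24"]

if __name__ == "__main__":
    for name, remote in (("figure", REMOTE_RULES), ("too broad", REMOTE_TOO_BROAD)):
        missing, extra = audit_mirror(LOCAL_RULES, remote)
        print(name, "missing:", missing, "extra:", extra)
```

The check treats only an exact source/destination swap as a mirror, so a remote rule that is broader or narrower than the local one is reported in both lists.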