Mirror image acls – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Figure 904 ACL 3001 configuration on Device B
Figure 905 IPsec policy configuration on Device B
Mirror image ACLs
To make sure that SAs can be set up and that traffic protected by IPsec at the local peer is processed
correctly at the remote peer, create a mirror image ACL rule on the remote peer for each ACL rule created
at the local peer. As shown in Figure 906, the ACL rules on Device B are mirror images of the rules on
Device A. This ensures that SAs can be created successfully for the traffic between Host A and Host C and
for the traffic between Network 1 and Network 2.
Figure 906 Mirror image ACLs
[Figure: Device A (GE0/1) and Device B (GE0/2) connected across an IP network. Networks shown: Network 1 (1.1.1.0/24) and Network 2 (2.2.2.0/24). Hosts shown: Host A (1.1.1.1), Host B, Host C (2.2.2.2), Host D.]
Mirror image ACLs at Device A GE0/1 and Device B GE0/2:
Device A, ACL1: rule permit 1.1.1.1 -> 2.2.2.2
Device A, ACL2: rule permit 1.1.1.0/24 -> 2.2.2.0/24
Device B, ACL1: rule permit 2.2.2.2 -> 1.1.1.1
Device B, ACL2: rule permit 2.2.2.0/24 -> 1.1.1.0/24
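
The mirror image requirement described above can be checked mechanically before the rules are applied on both peers. The following Python check is an added example, not part of the H3C manual or the device software; the rule text format follows the notation in Figure 906, and the function names and the broken rule set are constructed for illustration.

```python
# Added example (not from the H3C manual): verify that the ACL rules on two
# IPsec peers are exact mirror images of each other.
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def mirror(self) -> "Rule":
        # The mirror image swaps source and destination and keeps the action.
        return Rule(self.action, self.dst, self.src)

    def __str__(self) -> str:
        return f"{self.action} {self.src} -> {self.dst}"


def parse_rule(text: str) -> Rule:
    """Parse 'permit 1.1.1.1 -> 2.2.2.2' (figure notation, assumed format)."""
    action, flow = text.split(None, 1)
    src, dst = (part.strip() for part in flow.split("->"))
    # A bare host address becomes a /32 network. ip_network() is strict by
    # default and rejects prefixes with host bits set, such as 1.1.1.5/24.
    return Rule(action.lower(), ipaddress.ip_network(src), ipaddress.ip_network(dst))


def missing_mirrors(local: list[str], remote: list[str]) -> dict[str, list[str]]:
    """Return, per side, the rules whose mirror image the other side lacks."""
    a = {parse_rule(r) for r in local}
    b = {parse_rule(r) for r in remote}
    return {
        "local": sorted(str(r) for r in a if r.mirror() not in b),
        "remote": sorted(str(r) for r in b if r.mirror() not in a),
    }


# Rules from Figure 906.
DEVICE_A = ["permit 1.1.1.1 -> 2.2.2.2", "permit 1.1.1.0/24 -> 2.2.2.0/24"]
DEVICE_B = ["permit 2.2.2.2 -> 1.1.1.1", "permit 2.2.2.0/24 -> 1.1.1.0/24"]
# Constructed misconfiguration: Device B lacks the host-to-host mirror rule.
DEVICE_B_BROKEN = ["permit 2.2.2.0/24 -> 1.1.1.0/24"]

if __name__ == "__main__":
    print(missing_mirrors(DEVICE_A, DEVICE_B))
    print(missing_mirrors(DEVICE_A, DEVICE_B_BROKEN))
```

An empty list on both sides means every rule has its mirror image at the other peer; any rule listed under a side is one for which the other peer still needs a mirror rule.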