Applying an ipsec policy group – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

862

Item Description

Reverse Route
Injection

Enable or disable IPsec RRI. When enabling IPsec RRI, you can specify a next hop and
change the preference of the static routes.
After an outbound IPsec SA is created, IPsec RRI automatically creates a static route to the
peer private network. You do not have to manually configure the static route.

IMPORTANT:

•

If you enable IPsec RRI and do not configure the static route, the SA negotiation must
be initiated by the remote gateways.

•

IPsec RRI creates static routes when IPsec SAs are set up, and delete the static routes
when the IPsec SAs are deleted.

•

To view the static routes created by IPsec RRI, select Network > IPv4 Routing from the

navigation tree.

Next Hop

Specify a next hop for the static routes.
If you do not specify any next hop, the remote tunnel endpoint's address learned during

IPsec SA negotiation is used.

Priority

Change the preference of the static routes.
Change the route preference for equal-cost multipath routing or route backup. If multiple
routes to the same destination have the same preference, traffic is balanced among them.

If multiple routes to the same destination have different preference values, the route with
the highest preference forwards traffic and all other routes are backup routes.

Applying an IPsec policy group

1.

From the navigation tree, select VPN > IPSec.
The page for the IPSec Application tab appears.

Figure 916 IPsec application list

2.

Click the icon for an interface.
The IPSec Application Setup page appears.

Figure 917 IPsec application configuration page

无法显示链接的图像。该文
件可能已被移动、重命名或
删除。请验证该链接是否指
向正确的文件和位置。