Security

Description

Using the security acl command, you can configure an access control list used by the IPSec policy. Using the undo security acl command, you can cancel the access control list used by the IPSec policy.

By default, no security ACL is configured.

This command is applicable to the IPSec module of the operating system and crypto card.

The acl and rule commands are used to define the rules in an access control list. According to these rules, IPSec determines which packets need security protection and which do not. A packet permitted by the access control list will be protected, and a packet denied by the access control list will not be protected.

The access control list used by the IPSec policy does not decide which packets are permitted or denied at an interface. Only the access control list directly applied at the interface will make such a decision.

For related commands, see ipsec policy (system view), ipsec policy (interface view), tunnel local, tunnel remote, sa duration, sa inbound/outbound, proposal.

Example

# Configure the IPSec policy to use access control list 101.

[3Com] acl 101
[3Com-acl-101] rule permit tcp source 10.1.1.1 0.0.0.255 destination 10.1.1.2 0.0.0.255
[3Com-acl-101] rule deny ip source any destination any
[3Com] ipsec policy beijing 100 manual
[3Com-ipsec-policy-beijing-100] security acl 101

4.1.41 transform

Syntax

transform { ah-new | ah-esp-new | esp-new }

undo transform

View

IPSec proposal view & proposal view of crypto card
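The following sketch relates to the security acl example above (access control list 101). It is an added illustration, not code from the manual or the device: it models how the two rules select traffic for IPSec protection, and it shows that the wildcard 0.0.0.255 makes the permit rule cover every host in 10.1.1.x. It assumes rules are evaluated in the order entered with the first match winning, and that a packet matching no rule is left unprotected; the sample packets are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # "any" written as base + wildcard

# ACL 101 from the example, in the order the rules were entered.
ACL_101 = [
    ("permit", "tcp", ("10.1.1.1", "0.0.0.255"), ("10.1.1.2", "0.0.0.255")),
    ("deny", "ip", ANY, ANY),
]

def ipsec_action(acl, proto, src, dst):
    """Return 'protected' or 'unprotected' for one packet.

    Assumption: first matching rule wins. 'unprotected' means the packet
    is sent without IPSec; it is not dropped by this ACL.
    """
    for action, rule_proto, (sb, sw), (db, dw) in acl:
        if rule_proto not in ("ip", proto):  # "ip" matches any protocol
            continue
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return "protected" if action == "permit" else "unprotected"
    return "unprotected"  # assumption: no rule matched

# Constructed sample packets: (protocol, source, destination)
SAMPLE_PACKETS = [
    ("tcp", "10.1.1.1", "10.1.1.2"),     # the hosts named in the rule
    ("tcp", "10.1.1.200", "10.1.1.77"),  # other hosts inside the wildcard
    ("udp", "10.1.1.1", "10.1.1.2"),     # same hosts, not TCP
    ("tcp", "10.1.2.1", "10.1.1.2"),     # source outside 10.1.1.x
]

def classify_samples():
    return [ipsec_action(ACL_101, *pkt) for pkt in SAMPLE_PACKETS]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE_PACKETS, classify_samples()):
        print(pkt, "->", result)
```

Traffic that falls to the deny rule still leaves the interface in cleartext unless an access control list applied directly at the interface blocks it.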