Method used to configure interfaces that support the IPSec VPN on USG firewalls

You can configure interfaces that support the IPSec VPN on USG firewalls as follows:
Generally, IPSec supports the following interfaces: L3 physical ports, VLANIF interfaces, L2 interfaces and tunnel interfaces configured for the VLAN, subinterfaces, and dialer interfaces.
1. Apply the IPSec policies for the L3 physical port as follows:
system-view //Enter the system view.
interface interface-type interface-number //Access the physical port.
ipsec policy policy-name [ auto-neg ] //Apply the IPSec policies.
2. Apply the IPSec security policy group for the L2 physical port as follows:
system-view //Enter the system view.
interface interface-type interface-number //Access the physical port.
ipsec policy policy-name [ auto-neg ] //Apply the IPSec policies.
Note: You need to configure the IP address of the VLAN where the L2 interface resides when establishing an IPSec tunnel over the L2 interface.
3. Apply the IPSec policies for the tunnel interface as follows:
system-view //Enter the system view.
interface tunnel tunnel-number //Enter the tunnel interface view.
tunnel-protocol ipsec //Set the tunnel encapsulation mode to IPSec mode.
ipsec policy policy-name //Apply the security policy group for the tunnel interface.
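
The following audit script is an added example, not part of the original page or Huawei's tooling. It checks a saved configuration for the two pitfalls in steps 2 and 3: an L2 interface whose VLAN has no IP address, and a tunnel interface whose encapsulation mode is not IPSec. The sample configuration is constructed, and the keywords `portswitch`, `port default vlan`, `Vlanif<N>` and `ip address`, as well as default VLAN 1, are assumptions about how the saved configuration looks.

```python
# Constructed sample config (not from the page). "portswitch",
# "port default vlan", "Vlanif<N>" and "ip address" are assumed keywords.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/2
 portswitch
 port default vlan 20
 ipsec policy map1 auto-neg
#
interface Vlanif20
#
interface Tunnel1
 tunnel-protocol gre
 ipsec policy map2
#
interface Tunnel2
 tunnel-protocol ipsec
 ipsec policy map2
"""

def parse_interfaces(text):
    """Return {interface name: [config lines]} from a config dump."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif not line or line.startswith("#"):
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit_ipsec_interfaces(text):
    """Return (interface, finding) pairs for the two pitfalls on the page."""
    ifs = parse_interfaces(text)
    findings = []
    for name, lines in ifs.items():
        if not any(l.startswith("ipsec policy ") for l in lines):
            continue
        # Tunnel interface: encapsulation mode must be IPSec.
        if name.lower().startswith("tunnel") and "tunnel-protocol ipsec" not in lines:
            findings.append((name, "tunnel-protocol is not ipsec"))
        # L2 interface: its VLAN (assumed default 1) needs an IP address.
        if "portswitch" in lines:
            vlan = next((l.split()[-1] for l in lines if l.startswith("port default vlan ")), "1")
            if not any(l.startswith("ip address ") for l in ifs.get(f"Vlanif{vlan}", [])):
                findings.append((name, f"Vlanif{vlan} has no IP address"))
    return findings
```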
