[x]

IKEv2 commands > match vrf (IKEv2 policy view)

 

 Next

match vrf (IKEv2 policy view)

Use match vrf to specify a VPN instance that an IKEv2 policy matches.

Use undo match vrf to restore the default.

Syntax

match vrf { name vrf-name | any }

undo match vrf

Default

No VPN instance is specified, and the IKEv2 policy matches all local IP addresses in the public network.

Views

IKEv2 policy view

Predefined user roles

network-admin

mdc-admin

Parameters

name vrf-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

any: Specifies the public network and all VPN instances.

Usage guidelines

Each end must have an IKEv2 policy for the IKE_SA_INIT exchange. The initiator looks up an IKEv2 policy by the IP address of the interface to which the IPsec policy is applied and the VPN instance to which the interface belongs. The responder looks up an IKEv2 policy by the IP address of the interface that receives the IKEv2 packet and the VPN instance to which the interface belongs.

IKEv2 policies with this command configured are looked up before those that do not have this command configured.

Examples

# Create an IKEv2 policy named policy1.

<Sysname> system-view
[Sysname] ikev2 policy policy1

# Configure the IKEv2 policy to match VPN instance vpn1.

[Sysname-ikev2-policy-policy1] match vrf name vpn1

Related commands

display ikev2 policy

match local address

prev

 

up

 next

match remote 

home

 match vrf (IKEv2 profile view)

© Copyright 2018 Hewlett Packard Enterprise Development LP