Specifications
Appendix A: IPSec Configuration File
136
NetLinx Integrated Controllers- WebConsole & Programming Guide (FMv3)
mkmAddDiscard
mkmAddDiscard
NAME mkmAddDiscard – add a discard Security Association
SYNOPSIS
mkmAddDiscard=cptr_mkm_sa
DESCRIPTION This rule adds a discard Security Association (SA). After adding an SA, mkmCommit must be
called to commit the SA to the Security Association Database (SADB).
Rule Value:
cptr_mkm_sa
A string formatted as follows:
saNumber
protocolSelector[/destinationPort/sourcePort],destinationAddressSelector,
sourceAddressSelector,directionality,mirroring
where
- saNumber is a decValue, a unique number to be assigned to the SA.
- protocolSelector is the IANA IP protocol number, decValue | ANY. Use 6 for TCP or 17 for
UDP.
- destinationPort and sourcePort are decValue | ANY.
- destinationAddressSelector and sourceAddressSelector are:
ipAddress1[-ipAddress2 | /ipMaskPrefix].
- directionality is IN | OUT. If IN then this policy applies to traffic coming into the current host.
If OUT it applies to traffic going out of the current host. A mirrored policy will automatically be
created for the opposite traffic flow.
- mirroring is NOTMIRRORED | MIRRORED. NOTMIRRORED will create a policy only in the
specified direction. MIRRORED will create two policies, one in each direction.
EXAMPLES IPv4:
mkmAddDiscard=9,17/ANY/17185,0.0.0.0/0,0.0.0.0/0,IN,NOTMIRRORED
IPv6:
mkmAddDiscard=9,17/ANY/17185,::/0,::/0,IN,NOTMIRRORED
Config String
Format
saNumber.protocolSelector[/destinationPort/sourcePort],
destinationAddressSelector,sourceAddressSelector,directionality,mirroring