Manualshelf

Specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface
331332333334335336337338339340
Chapter 8. Command Reference 337
IKE IPSEC POLICIES SET DESTPORT
Defines a destination port filtering parameter value for the policy. The destination port parameter requires a
specific destination port for the data or allows any destination port (*). (Because port numbers are TCP and UDP
specific, a port filter is effective only when the protocol filter is TCP or UDP.)
PortNumber Destination port whose data is allowed by the policy. The port can be specified by one of
TELNET the listed names or by its number. To allow data through for any destination port, specify an
HTTP asterisk (*).
SMTP
TFTP
*
PolicyName Name of the IPsec policy to which the destination port parameter value is added. To see the
policy names, use the ike ipsec policies list command.
Examples:
ike ipsec policies set destport * mypolicy
ike ipsec policies set destport http webpolicy
IKE IPSEC POLICIES SET INTERFACE
Defines an interface filtering parameter value for the policy. The policy is only used when the specified interface
is connected. For example, if the policy is to be used only when the Dial Backup remote is connected, you would
specify the remote name as the interface for the policy. (To read about Dial Backup, see page 103.)
Note: The specified interface must be the interface to the IKE peer.
Otherwise, if the policy can be used regardless of the connected interface, specify the string none.
This command is intended to allow the user to choose when to apply IPSec/IKE filters and incur the resulting
encryption and authentication costs. With this command, you can limit a policy to a specific interface.
interface Interface that must be connected when the policy is used. This is usually referenced by a
remote name, although it could be another interface such as Òethernet/0Ó. If no interface
restriction is to be set for this policy, specify the string all.
PolicyName Name of the IPsec policy to which the interface parameter value is added. To see the policies,
use the ike ipsec policies list command.
Examples:
This command requires that, when the remote interface backup comes up, IKE is enabled for packets
described by policy corporate. The specified interface (backup) must be the interface to the IKE peer.
ike ipsec policies set interface backup corporate
This command specifies that IKE is enabled for packets described by policy mypolicy regardless of the
interface the peer is on.
ike ipsec policies set destport <PortNumber | TELNET | HTTP | SMTP | TFTP | *> <PolicyName>
ike ipsec policies set interface <interface | all > <PolicyName>