Specifications
340 Chapter 8. Command Reference
IPaddress IP address allowed to be the source of the data (4 decimals separated by periods).
IPmask IP network mask (4 decimals separated by periods).
PolicyName Name of the IPsec policy to which the source parameter value is added. To see the policy
names, use the ike ipsec policies list command.
Example: ike ipsec policies set source 192.168.16.0 255.255.255.0 mypolicy
IKE IPSEC POLICIES SET SOURCEPORT
Defines a source port filtering parameter value for the policy. The source port parameter requires a specific source
port for the data or allows any source port (*). (Because port numbers are TCP and UDP specific, a port filter is
effective only when the protocol filter is TCP or UDP.)
PortNumber Source port whose data is allowed by the policy. The port can be specified by one of
the listed names (TELNET, HTTP, SMTP, TFTP) or by its number. To allow data through for any
source port, specify an asterisk (*).
PolicyName Name of the IPsec policy to which the source port parameter value is added. To see the
policy names, use the ike ipsec policies list command.
Examples:
ike ipsec policies set sourceport * mypolicy
ike ipsec policies set sourceport http webpolicy
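Added example, not part of the router manual or its firmware: a Python model of how the source and sourceport filter values described above select traffic, including the case where a port filter has no effect because the protocol filter is not TCP or UDP. Assumptions: the named ports map to their well-known numbers, the address is matched by applying the mask, and the class and function names are hypothetical.

```python
import ipaddress

# Assumption: the port names resolve to their well-known port numbers.
NAMED_PORTS = {"TELNET": 23, "HTTP": 80, "SMTP": 25, "TFTP": 69}
PORT_PROTOCOLS = {"TCP", "UDP"}


def parse_port(value):
    """Return None for '*' (any port), otherwise the port number."""
    value = value.strip()
    if value == "*":
        return None
    if value.upper() in NAMED_PORTS:
        return NAMED_PORTS[value.upper()]
    port = int(value)  # raises ValueError on anything that is not a number
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


class SourceFilter:
    """Hypothetical model of one policy's source, sourceport and protocol filters."""

    def __init__(self, ip, mask, port="*", protocol="*"):
        # Assumption: host bits are masked off, as in ordinary netmask matching.
        # A non-contiguous mask raises ValueError here.
        self.network = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
        self.port = parse_port(port)
        self.protocol = protocol.upper()

    def port_filter_effective(self):
        # A port filter only means something when the protocol is TCP or UDP.
        return self.port is not None and self.protocol in PORT_PROTOCOLS

    def matches(self, src_ip, src_port, protocol):
        if ipaddress.IPv4Address(src_ip) not in self.network:
            return False
        if self.protocol != "*" and protocol.upper() != self.protocol:
            return False
        if self.port_filter_effective() and src_port != self.port:
            return False
        return True


if __name__ == "__main__":
    # Constructed values, mirroring the manual's examples.
    web = SourceFilter("192.168.16.0", "255.255.255.0", "http", "tcp")
    print(web.matches("192.168.16.7", 80, "tcp"))    # inside subnet, port 80
    print(web.matches("192.168.16.7", 8080, "tcp"))  # wrong source port
```

When auditing a policy set, a filter whose port is set but for which port_filter_effective() is false selects more traffic than the sourceport value suggests.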
IKE IPSEC POLICIES SET TRANSLATE
Defines a translate filtering parameter value for the policy. The translate option determines whether the router
applies NAT (network address translation) before the packets are encrypted by IPSec.
Note: The remote must have IP address translation enabled (see NAT on page 91 and the remote setIpTranslate
command on page 279).
Note: The address that NAT translates to should be the source or destination address for the policy (use the set
source or set dest commands).
Use this option when several remote sites have the same IP subnet, making it impossible to tunnel those sites
unchanged to the corporate network.
When the router's public IP address is not the desired choice for the network address translation, you can define a
virtual Ethernet interface. A virtual Ethernet interface can be created to translate to an arbitrary IP address (see
Multiple IP Subnets, on page 77). Again, be sure that the virtual Ethernet interface has IP address translation
enabled (eth ip translate, page 245), and use the virtual Ethernet interface as the gateway to the other end of the
ike ipsec policies set source <IPaddress> <IPmask> <PolicyName>
ike ipsec policies set sourceport <PortNumber | TELNET | HTTP | SMTP | TFTP | *> <PolicyName>