User guide
Chapter 4. Configuring Special Features 127
Proposes the maximum number of kilobytes of data that may be protected by the IPSec SA; 0 means unlimited. After
that amount of data has been transferred, IKE renegotiates the SA. Limiting the amount of data protected under one
key limits the ciphertext an attacker can collect against that key, which reduces the likelihood of the key being broken.
IKE IPSec Policy Commands
The IKE IPSec policy commands specify the filtering parameters for the IPSec SA.
ike ipsec policies add <PolicyName> Defines the name of a new IPsec policy.
ike ipsec policies delete <PolicyName> Deletes an existing IPSec policy.
ike ipsec policies list Lists the IPSec policies.
ike ipsec policies enable <PolicyName> Indicates that the specification of this IPSec policy is complete and
enables use of the policy.
ike ipsec policies disable <PolicyName> Disables an IPSec policy.
The following commands define the filtering parameters for the policy.
ike ipsec policies set peer <PeerName> <PolicyName>
Specifies an IKE peer that may be used for the connection. (The peer must have been defined by IKE
peer commands.)
ike ipsec policies set mode <TUNNEL | TRANSPORT> <PolicyName>
Specifies the encapsulation mode (tunnel or transport) that may be used for the connection. The default is
tunnel mode.
ike ipsec policies set proposal <ProposalName> <PolicyName>
Specifies an IKE IPSec proposal that may be used for the connection. (It must have been defined by IKE
IPSec proposal commands.) The policy may allow more than one value for the proposal parameter. For
example, two set proposal commands could specify two proposals, either of which could be used by the
connection.
ike ipsec policies set source <IPaddress> <IPmask> <PolicyName>
Requires that the data come from the specified source IP address and mask.
ike ipsec policies set dest <IPaddress> <IPmask> <PolicyName>
Requires that the data be intended for the specified destination IP address and mask.
ike ipsec policies set protocol <ProtocolNumber | TCP | UDP | *> <PolicyName>
Requires a specific protocol that must be used or allows any protocol (*).
ike ipsec policies set sourceport <PortNumber | TELNET | HTTP | SMTP | TFTP | *> <PolicyName>
Requires a specific source port for the data or allows any source port (*). Because port numbers are TCP
and UDP specific, a port filter is effective only when the protocol filter is TCP or UDP.
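The following command sequence is an added worked example, not taken from the original guide, showing how the commands above fit together to define one complete policy. The policy name HQ_WEB, the peer name HQ_GW, the proposal names STRONG_ESP and FALLBACK_ESP, and the addresses are assumptions for illustration; the peer and both proposals are assumed to have been defined beforehand with the IKE peer and IKE IPSec proposal commands, which this example does not show. The destport command used at the end follows the same syntax as sourceport.

```text
! Assumed already done: peer HQ_GW and proposals STRONG_ESP, FALLBACK_ESP defined
! Create the policy, then fill in its parameters (the policy name is always the last argument)
ike ipsec policies add HQ_WEB
ike ipsec policies set peer HQ_GW HQ_WEB
ike ipsec policies set mode TUNNEL HQ_WEB
! Two set proposal commands: the connection may use either proposal
ike ipsec policies set proposal STRONG_ESP HQ_WEB
ike ipsec policies set proposal FALLBACK_ESP HQ_WEB
! Selectors: traffic from the local LAN to the remote site
ike ipsec policies set source 192.168.10.0 255.255.255.0 HQ_WEB
ike ipsec policies set dest 10.1.0.0 255.255.0.0 HQ_WEB
! Port filters only take effect because the protocol filter is TCP (not *)
ike ipsec policies set protocol TCP HQ_WEB
ike ipsec policies set sourceport * HQ_WEB
ike ipsec policies set destport HTTP HQ_WEB
! Mark the specification complete and put the policy into use
ike ipsec policies enable HQ_WEB
! Verify
ike ipsec policies list
```

Note the ordering: the policy is enabled only after every selector and proposal has been set, since enable declares the specification complete. If the protocol filter had been left at *, the sourceport and destport settings would have no effect, and the policy would match all IP traffic between the two subnets rather than only HTTP.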
ike ipsec policies set destport <PortNumber | TELNET | HTTP | SMTP | TFTP | *> <PolicyName>