Command reference updates, Create ipsec policy – Allied Telesis RAPIER I User Manual

Page 173

Software Version 2.8.1

C613-10477-00 REV B

Command Reference Updates

This section describes the changed portions of modified commands and output
screens. For modified commands and output, the new parameters, options,
and fields are shown in bold.

create ipsec policy

Syntax

CREate IPSec POLicy=name INTerface=interface
    ACtion={DEny|IPsec|PErmit} [IPVersion={4|6}]
    [BUNDlespecification=bundlespecification-id]
    [DFBit={SEt|COpy|CLear}] [GROup={0|1|2}]
    [ICmptype={list|NDALL}] [IPROUtetemplate=template-name]
    [ISAkmppolicy=isakmp-policy-name]
    [KEYmanagement={ISakmp|MAnual}]
    [LADdress={ANy|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [LMAsk=ipv4add] [LNAme={ANy|system-name}]
    [LPort={ANy|OPaque|port}]
    [PEERaddress={ipv4add|ipv6add|ANy|DYnamic}]
    [POSition=1..100]
    [RADdress={ANY|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [RESPondbadspi={True|False}]
    [RMAsk=ipv4add]
    [RNAme={ANy|system-name}] [RPort={ANy|port|OPaque}]
    [SASElectorfrompkt={ALL|LADdress|LPort|NONE|RADdress|RPort|TRAnsportprotocol}]
    [SRCInterface=interface]
    [TRAnsportprotocol={ANy|EGp|ESp|GRe|ICmp|OPaque|OSpf|RSvp|TCp|UDp|protocol}]
    [UDPHeartbeat={True|False}]
    [UDPPort=port] [UDPTunnel={True|False}]
    [USEPFSKey={True|False}]

Parameter       Description

RESPondbadspi   Whether the router or switch sends a notification to the peer
                when an IPsec packet is received with an unknown SPI value.
                This establishes an ISAKMP SA to the sending peer. An initial
                contact notification message is then sent, which tells the
                peer to delete SAs associated with the router or switch.

                This command is only valid when the action parameter is set
                to ipsec, the keymanagement parameter is set to isakmp, and
                the peeraddress parameter is set to an IPv4 address. Messages
                will only be sent if the ISAKMP policy for this peer has the
                mode parameter set to main and the sendnotify parameter set
                to true.

                Default: false

                False   A notification is not sent.
                True    A notification is sent.
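
A check for the RESPondbadspi conditions described above, as an added example that is not part of the Allied Telesis manual. The policy lines, interface name and addresses are constructed, and the ISAKMP policy settings are passed in as a hypothetical dictionary keyed by peer address because this page does not show the ISAKMP policy syntax. It assumes the capitals in the syntax mark the shortest accepted abbreviation, and it reports parameters that are left unset because this page gives no defaults for them.

```python
import ipaddress
import re

# Keywords copied from the syntax above; capitals are assumed to be the
# shortest accepted abbreviation.
PARAMS = ["ACtion", "KEYmanagement", "PEERaddress", "RESPondbadspi"]

def matches(word, keyword):
    """True if word is an accepted abbreviation of keyword (case-insensitive)."""
    minimum = re.match(r"[A-Z]+", keyword).group(0).lower()
    word = word.lower()
    return word.startswith(minimum) and keyword.lower().startswith(word)

def parse_policy(line):
    """Map the checked parameters of one 'create ipsec policy' line to values."""
    found = {}
    for name, value in re.findall(r"(\w+)=(\S+)", line):
        for keyword in PARAMS:
            if matches(name, keyword):
                found[keyword.lower()] = value
    return found

def check_respondbadspi(line, isakmp_by_peer):
    """Return the unmet conditions for respondbadspi=true on this policy line."""
    p = parse_policy(line)
    if not matches(p.get("respondbadspi", "false"), "True"):
        return []  # default is false: nothing to check
    problems = []
    if not matches(p.get("action", ""), "IPsec"):
        problems.append("action is not ipsec")
    if not matches(p.get("keymanagement", ""), "ISakmp"):
        problems.append("keymanagement is not isakmp")
    peer = p.get("peeraddress", "")
    try:
        ipaddress.IPv4Address(peer)
    except ValueError:
        problems.append("peeraddress is not an IPv4 address")
    ike = isakmp_by_peer.get(peer, {})  # hypothetical view of the ISAKMP policy
    if ike.get("mode") != "main" or ike.get("sendnotify") != "true":
        problems.append("ISAKMP policy lacks mode=main and sendnotify=true")
    return problems

# Constructed sample input, trimmed to the parameters this check reads.
ISAKMP = {"192.0.2.1": {"mode": "main", "sendnotify": "true"}}
GOOD = "create ipsec pol=hq int=eth0 ac=ipsec key=isakmp peer=192.0.2.1 resp=true"
BAD = "create ipsec pol=roam int=eth0 ac=ipsec key=isakmp peer=dynamic resp=true"
```

An empty list means every condition the page states for RESPondbadspi is met; each string in a non-empty list names one condition that is not.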
