Set ipsec policy – Allied Telesis RAPIER I User Manual

Enhancements to IPsec/VPN

Release Note

Software Version 2.8.1
C613-10477-00 REV B

set ipsec policy

Syntax

SET IPSec POLIcy=name [ACtion={DEny|IPSec|PErmit}]
    [BUNDlespecification=bundlespecification-id]
    [DFBit={SEt|COpy|CLear}] [GROup={0|1|2}]
    [ICmptype={list|NDall}] [IPROUtetemplate=template-name]
    [IPVersion={4|6}] [ISAkmppolicy=isakmp-policy-name]
    [LADdress={ANy|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [LMAsk=ipv4add] [LNAme={ANy|system-name}]
    [LPort={ANy|OPaque|port}]
    [PEERaddress={ipv4add|ipv6add|ANy|DYNAMIC}]
    [PKTDebuglength=1..1500] [POSition=1..100]
    [RADdress={ANy|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [RESPondbadspi={True|False}]
    [RMASK=ipv4add]
    [RNAme={ANy|system-name}] [RPort={ANy|port|OPaque}]
    [SASElectorfrompkt={ALL|LADdress|LPort|NONE|RADdress|RPort|TRAnsportprotocol}]
    [SRCInterface=interface]
    [TRAnsportprotocol={ANy|EGp|ESp|GRe|ICmp|OPaque|OSpf|RSvp|TCp|UDp|protocol}]
    [UDPHeartbeat={True|False}]
    [UDPPort=port] [UDPTunnel={True|False}]
    [USEPFSKey={True|False}]

Parameter       Description

RESPondbadspi   Whether the router or switch sends a notification to the peer when
                an IPsec packet is received with an unknown SPI value. This
                establishes an ISAKMP SA to the sending peer. An initial contact
                notification message is then sent, which tells the peer to delete SAs
                associated with the router or switch.

                This command is only valid when the action parameter is set to
                ipsec, the keymanagement parameter is set to isakmp, and the
                peeraddress parameter is set to an IPv4 address. Messages will only
                be sent if the ISAKMP policy for this peer has the mode parameter
                set to main and the sendnotify parameter set to true.

                Default: false

                False   A notification is not sent.
                True    A notification is sent.
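The conditions in the respondbadspi description can be checked offline against a saved configuration. The following Python script is an added example, not part of the Allied Telesis manual: for each IPsec policy with respondbadspi=true it reports which of those conditions are not met. Assumptions: one create/set command per line, the create isakmp policy command form, the link through isakmppolicy=, unset parameters counted as unmet, and keymanagement, mode and sendnotify accepted by full name only; the function names are hypothetical.

```python
import re

# Constructed sample; assumes one command per line and isakmppolicy= naming the ISAKMP policy.
SAMPLE = """\
create isakmp policy=ike_hq mode=main sendnotify=true
create isakmp policy=ike_br mode=aggressive sendnotify=true
create ipsec policy=hq action=ipsec keymanagement=isakmp peeraddress=192.0.2.10 isakmppolicy=ike_hq
set ipsec policy=hq respondbadspi=true
create ipsec policy=br ac=ipsec keymanagement=isakmp peer=192.0.2.20 isa=ike_br resp=true
create ipsec policy=road action=ipsec keymanagement=isakmp peeraddress=dynamic isa=ike_hq resp=true
"""

def kw(token, spec):
    """True if token abbreviates spec; spec's leading capitals are the minimum."""
    minimum = re.match(r"[A-Z]+", spec).group(0).lower()
    return token.lower().startswith(minimum) and spec.lower().startswith(token.lower())

def get(params, spec):
    """Latest value given for a parameter, lower-cased, or '' if never set."""
    return next((v.lower() for k, v in reversed(params) if kw(k, spec)), "")

def load(text):
    """Merge create/set lines into {(kind, name): [(param, value), ...]}."""
    policies = {}
    for w in map(str.split, text.splitlines()):
        if len(w) >= 3 and w[0].lower() in ("create", "set"):
            key, _, name = w[2].partition("=")
            if kw(key, "POLIcy") and name:
                pairs = [tuple(p.split("=", 1)) for p in w[3:] if "=" in p]
                policies.setdefault((w[1].lower(), name.lower()), []).extend(pairs)
    return policies

def is_ipv4(value):
    octets = value.split(".")
    return len(octets) == 4 and all(o.isascii() and o.isdigit() and int(o) < 256 for o in octets)

def audit(text):
    """Map each IPsec policy with respondbadspi=true to its unmet preconditions."""
    pol, findings = load(text), {}
    for (kind, name), p in pol.items():
        if kind == "ipsec" and kw(get(p, "RESPondbadspi"), "True"):
            ike = pol.get(("isakmp", get(p, "ISAkmppolicy")), [])
            checks = [
                (kw(get(p, "ACtion"), "IPSec"), "action is not ipsec"),
                (get(p, "KEYMANAGEMENT") == "isakmp", "keymanagement is not isakmp"),
                (is_ipv4(get(p, "PEERaddress")), "peeraddress is not an IPv4 address"),
                (get(ike, "MODE") == "main", "ISAKMP policy mode is not main"),
                (kw(get(ike, "SENDNOTIFY"), "True"), "ISAKMP policy sendnotify is not true"),
            ]
            findings[name] = [msg for ok, msg in checks if not ok]
    return findings
```

Calling audit(SAMPLE) returns an empty list for hq and one unmet condition each for br and road.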