Spdaddtunnel – AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

121

NI Series WebConsole & Programming Guide

SpdAddTunnel

SpdAddTunnel

NAME

spdAddTunnel– create a tunnel mode policy in the SPD

SYNOPSIS

spdAddTunnel=pConfStr

DESCRIPTION This rule creates a tunnel mode policy in the SPD.

Rule Value:

pConfStr

A stringValue specifier formatted as follows:

protocolSelector[/destinationPort/sourcePort],

destinationAddressSelector, sourceAddressSelector,directionality,

useSelectors,keyManager,saProposalName, tunnelEndpointAddress

where:
- protocolSelector is a decValue IANA protocol number or ANY (6 for TCP or 17 for UDP).
- destinationPort is a decValue port number or ANY.
- sourcePort is a decValue port number or ANY.
- destinationAddressSelector is an address in the format:

ipAddress1[-ipAddress2 | /ipMaskPrefix].

- sourceAddressSelector is an address in the format:

ipAddress1[-ipAddress2 | /ipMaskPrefix].

- directionality is IN (for inbound) or OUT (for outbound). If IN, this policy applies to traffic
coming into the current host. If OUT, it applies to traffic going out of the current host. A mir-
rored policy is automatically created for the opposite traffic flow.
- useSelectors is PACKET (use packet selectors) or POLICY (use policy selectors).
- keyManager is MANUAL (manual negotiation) or IKE (key negotiation).
- saProposalName is an SA proposal name.
- tunnelEndpointAddress is the remote gateway. You must specify a single valid IPv4 or IPv6
host address. You cannot specify multiple endpoints.

EXAMPLES

IPv4:

spdAddTunnel=ANY,0.0.0.0/0,10.8.30.30,OUT,POLICY,MANUAL,

qm_sa_default,10.9.9.180

IPv6:

spdAddTunnel=ANY,::/0,3ffe:4::1,OUT,POLICY,MANUAL,qm_sa_default,

3ffe:1::2

Config String
Format

protocolSelector[/destinationPort/sorucePort],

destinationAddressSelector,sourceAddressSelector,directionality,

useSelector,keyManager,saProposalName,tunnelEndpointAddress