Mkmadddiscard – AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

131

NI Series WebConsole & Programming Guide

mkmAddDiscard

mkmAddDiscard

NAME

mkmAddDiscard – add a discard Security Association

SYNOPSIS

mkmAddDiscard=cptr_mkm_sa

DESCRIPTION This rule adds a discard Security Association (SA). After adding an SA, mkmCommit must be

called to commit the SA to the Security Association Database (SADB).

Rule Value:

cptr_mkm_sa

A string formatted as follows:

saNumber

protocolSelector[/destinationPort/

sourcePort],destinationAddressSelector,sourceAddressSelector,

directionality,mirroring

where
- saNumber is a decValue, a unique number to be assigned to the SA.
- protocolSelector is the IANA IP protocol number, decValue | ANY. Use 6 for TCP or 17 for
UDP.
- destinationPort and sourcePort are decValue | ANY.
- destinationAddressSelector and sourceAddressSelector are:

ipAddress1[-ipAddress2 | /ipMaskPrefix].

- directionality is IN | OUT. If IN then this policy applies to traffic coming into the current host.
If OUT it applies to traffic going out of the current host. A mirrored policy will automatically be
created for the opposite traffic flow.
- mirroring is NOTMIRRORED | MIRRORED. NOTMIRRORED will create a policy only in the
specified direction. MIRRORED will create two policies, one in each direction.

EXAMPLES

IPv4:

mkmAddDiscard=9,17/ANY/17185,0.0.0.0/0,0.0.0.0/0,IN,NOTMIRRORED

IPv6:

mkmAddDiscard=9,17/ANY/17185,::/0,::/0,IN,NOTMIRRORED

Config String
Format

saNumber.protocolSelector[/destinationPort/sourcePort],

destinationAddressSelector,sourceAddressSelector,directionality,

mirroring