
Datatek IPv6 Transformer User Manual


SECTION 8

WEB GUI SYSTEM


address, the number of subnet mask bits is selected from a pull-down menu. A network address
may be the subnet on which the Transformer resides.

Destination IP

This is the destination IP address of the SP. This field consists of an IP address and a port
number. The IP address is matched against the destination address in the IP header and the port
number is matched against the port number in the higher layer protocol header. Leave the port
field blank to allow any port number if the higher layer protocol does not support port numbers.
The number of subnet mask bits is selected from a pull-down menu.

Direction

in specifies that the SP is matched against inbound packets while out specifies the SP is matched
against outbound packets.

Inbound packets may be received from the network side or host side.
Outbound packets are either originated by the Transformer or forwarded by the Transformer.
For example, a ping command initiated from the Transformer’s console creates an outbound
ICMP packet. Such a packet is matched against the parameters of an SP whose direction is out.

An example of an outbound packet that comes from forwarding is where packets are received
from the legacy host, translated and then forwarded towards the network. Whenever a packet is
forwarded, it is considered to be in the outbound direction. Therefore, during the forwarding
process, the parameters of an SP whose direction is out are matched against the packet being
forwarded.

Higher Layer Protocol

IPsec allows an SP to match against the next higher layer protocol in the protocol stack. The
commonly used higher layer protocols (TCP, UDP and ICMP) are selected from the pull-down
menu. To specify any other protocol, select other and enter the protocol number as it will appear
in the IP packet’s next header field. If the SP is to apply to all higher layer protocols, select any.

Policy

This is the action to take if the packet matches the selection criteria. The following actions are
supported:

• ipsec - Authentication and/or encryption is to be performed.

• discard - The packet is to be discarded.

• none - Accept the packet without any processing.
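
The following added example (not taken from the manual or from Datatek's software) models how the Destination IP, Direction, Higher Layer Protocol and Policy fields described above combine when a packet is checked against a list of SPs. The first-match ordering, the None result when no SP matches, the packet dictionary layout and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

# Pull-down protocol names mapped to IP protocol numbers.
PROTO = {"tcp": 6, "udp": 17, "icmp": 1}

@dataclass
class SP:
    dst: str                  # destination address / subnet mask bits
    dst_port: Optional[int]   # None models a blank port field (any port)
    direction: str            # "in" or "out"
    proto: Union[str, int]    # "tcp", "udp", "icmp", "any", or a number for "other"
    policy: str               # "ipsec", "discard" or "none"

    def matches(self, pkt: dict) -> bool:
        if pkt["direction"] != self.direction:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and pkt["proto"] != PROTO.get(self.proto, self.proto):
            return False
        # A blank port field places no constraint on the packet's port.
        return self.dst_port is None or pkt.get("dst_port") == self.dst_port

def lookup(spd, pkt):
    """Assumption: SPs are checked in order, first match wins; None = no SP matched."""
    for sp in spd:
        if sp.matches(pkt):
            return sp.policy
    return None

# Constructed sample SPs (2001:db8::/32 is the IPv6 documentation prefix).
SPD = [
    SP("2001:db8:1::10/128", 22, "out", "tcp", "ipsec"),
    SP("2001:db8:1::/64", None, "out", 58, "none"),       # "other": 58 = ICMPv6
    SP("2001:db8:1::/64", None, "out", "any", "discard"),
]

# Constructed packets: a forwarded TCP packet, a console ping, and inbound traffic.
forwarded = {"direction": "out", "dst": "2001:db8:1::10", "proto": 6, "dst_port": 22}
ping = {"direction": "out", "dst": "2001:db8:1::20", "proto": 58}
inbound = {"direction": "in", "dst": "2001:db8:1::10", "proto": 6, "dst_port": 22}

if __name__ == "__main__":
    for name, pkt in [("forwarded", forwarded), ("ping", ping), ("inbound", inbound)]:
        print(name, "->", lookup(SPD, pkt))
```

The inbound packet matches no entry because every sample SP has direction out, which shows that a policy intended for both directions needs one SP per direction.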

IPsec Protocol

IPsec supports the Authentication Header (AH) protocol and the Encapsulating Security Payload
(ESP) protocol. Select AH to provide authentication and integrity across the IP header, AH
