Paradyne 1754 manual Create IPSec SA

1752 and 1754 SHDSL Router User’s Guide

| Option | Description | Default value |
|---|---|---|
| interface name | Name of the interface | n/a |
| Selector name | Name of the selector | n/a |
| Policy log | Enables or disables the IPsec policy log. | false |
| Policy status | Enables or disables the IPsec policy. | false |
| Policy priority | The priority for the policy lookup. A lower priority value means that this policy will be searched before a policy with a higher priority value. The priority value should be between 1 and 65565 inclusive, but it cannot be set to 255 or 256. These values are reserved for dynamic policies. e.g. 1. | n/a |
| Policy action | The action specified by the policy (deny, bypass or applyipsec) | bypass |
| IPsec Policy Stats for policy | Statistics about the number of inbound and outbound packets that match a specific IPsec policy. | n/a |
| Complex SABundle | This option is only relevant if applyipsec has been selected. It controls the interpretation of two tunnel-mode SAs in an SA bundle as follows. When two tunnel-mode SAs (SA1 and SA2) in a bundle have the same local and peer end points and complexsabundle is set to disable, then apart from IPsec headers, only one new IP header is added on to the original packet. For example, for an AH tunnel - ESP tunnel SA bundle, the packet formed would be: IP-AH-ESP-[IP_internal+Upper layer]. If complexsabundle is set to enable, the packet formed would be: IP-AH-IP-ESP-[IP_internal+Upper layer]. | false |
| Prefer Old Flag | When set to enable, DYING SAs are preferred over MATURE SAs. When set to disable, MATURE SAs are preferred instead. This option is only applicable if your image supports IKE. | false |
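An added example (not from the guide or the router's firmware) that audits a list of policies against the option table above: the documented priority bounds and reserved values, defaults that leave a policy off or unlogged, the lookup order, and the Complex SABundle header layout. The `Policy` record, its field names, the finding texts and the sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass

PRIO_MIN, PRIO_MAX = 1, 65565   # bounds as printed in the option table
RESERVED = {255, 256}           # reserved for dynamic policies

@dataclass
class Policy:                   # hypothetical record, not the router's format
    name: str
    priority: int
    action: str = "bypass"      # documented default
    status: bool = False        # documented default: policy disabled
    log: bool = False           # documented default: policy log disabled
    complexsabundle: bool = False

def lookup_order(policies):
    """Enabled policies, lowest priority value (searched first) to highest."""
    return sorted((p for p in policies if p.status), key=lambda p: p.priority)

def bundle_layout(p):
    """Header order of an AH tunnel - ESP tunnel bundle with shared end points."""
    if p.action != "applyipsec":
        return None
    outer = "IP-AH-IP-ESP" if p.complexsabundle else "IP-AH-ESP"
    return outer + "-[IP_internal+Upper layer]"

def audit(policies):
    """Return (policy name, finding) pairs for settings worth a second look."""
    out = []
    for p in policies:
        if not PRIO_MIN <= p.priority <= PRIO_MAX:
            out.append((p.name, "priority outside documented range"))
        elif p.priority in RESERVED:
            out.append((p.name, "priority reserved for dynamic policies"))
        if not p.status:
            out.append((p.name, "policy status is false, policy not in effect"))
        elif not p.log:
            out.append((p.name, "enabled policy has policy log off"))
    order = lookup_order(policies)
    for i, p in enumerate(order):
        if p.action == "bypass" and any(q.action == "applyipsec" for q in order[i + 1:]):
            out.append((p.name, "bypass searched before an applyipsec policy"))
    return out

SAMPLE = [  # constructed sample policies, not taken from the guide
    Policy("mgmt", 10, "bypass", status=True, log=True),
    Policy("site-vpn", 20, "applyipsec", status=True, complexsabundle=True),
    Policy("branch", 255, "applyipsec", status=True, log=True),
    Policy("draft", 30),
]
```

Calling `audit(SAMPLE)` returns the findings and `lookup_order(SAMPLE)` the search order; the bypass-before-applyipsec finding is a review hint only, since selector overlap is not modelled here.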

 

 

 

 

Step 4: Create IPSec SA

After successfully creating a new IPSec Policy, click on the Create IPSec SA link in step 4. The Create IPSec SA page is then shown as follows:

June 2005

1752-A2-GB20-00
