1752 and 1754 SHDSL Router User’s Guide
Option |
| Description |
|
| Default value |
|
interface name |
| Name of the interface |
|
| n/a |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Selector name |
| Name of the selector |
|
| n/a |
|
|
|
|
|
|
|
|
Policy log |
| Enables or disables the status of the IPsec policy log. |
|
| false |
|
|
|
|
|
| ||
|
|
|
|
|
|
|
Policy status |
| Enables or disables the status of the IPsec policy. |
|
| false |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Policy priority |
| The priority for the policy lookup. A lower priority value |
|
| n/a |
|
| means that this policy will be searched before a policy |
|
|
| ||
|
|
|
|
|
| |
|
| with a higher priority value. The priority value should be |
|
|
|
|
|
| between 1 and 65565 inclusive, but it cannot be set to |
|
|
|
|
|
| 255 or 256. These values are reserved for dynamic |
|
|
|
|
|
| policies. |
|
|
|
|
|
| e.g. 1. |
|
|
|
|
|
|
|
|
|
|
|
Policy action |
| The action specified by the policy (deny, bypass or |
|
| bypass |
|
|
| applyipsec) |
|
|
|
|
|
|
|
|
|
|
|
IPsec Policy Stats |
| statistics about the number of inbound and outbound |
|
| n/a |
|
for policy |
| packets that match a specific IPsec policy. |
|
|
|
|
|
|
|
|
|
|
|
Complex SABundle |
| This option is only relevant if applyipsec has been |
|
| false |
|
| selected. It is used to control the interpretation of |
|
|
| ||
|
|
|
|
|
| |
|
| two tunnel mode SAs in an SA bundle as follows: |
|
|
|
|
|
| When two |
|
|
|
|
|
| bundle have the same local and peer end points and |
|
|
|
|
|
| complexsabundle is set to disable, then apart from |
|
|
|
|
|
| IPsec headers, only one new IP header is added on to |
|
|
|
|
|
| the original packet. For example, for an AH tunnel |
|
|
|
|
|
| - ESP tunnel SA bundle, the packet formed would |
|
|
|
|
|
| be as follows: |
|
|
|
|
|
|
|
|
|
| |
|
| If complexsabundle is set to enable, the packet |
|
|
|
|
|
| formed would be as follows: |
|
|
|
|
|
|
|
|
|
| |
Prefer Old Flag |
| When set to enable, this option specifies whether to |
|
| false |
|
| prefer the DYING SAs over MATURE SAs. When set to |
|
|
| ||
|
|
|
|
|
| |
|
| disable, MATURE SAs are preferred instead. This |
|
|
|
|
|
| option is only applicable if your image supports IKE. |
|
|
|
|
Step 4: Create IPSec SA
After successfully creating a new IPSec Policy, click on the Create IPSec SA link in step 4, and then Create IPSec SA page is shown as follows:
80 | June 2005 |