Allied Telesis AT-AR300 manual IP Security IPsec Source Interface Enhancements

Page 11

Software Release 2.3.1


IP Security (IPsec) Source Interface and Enhancements

A source interface can now be specified for tunnelled IPsec traffic. IPsec performance is also improved, and more simultaneous IPsec tunnels are supported, because the number of ENCO channels has been increased.

A new SRCINTERFACE parameter has been added to the SET IPSEC POLICY and CREATE IPSEC POLICY commands. SRCINTERFACE specifies which interface on the router is used as the source interface for tunnelled IPsec traffic; the outer IP header of the tunnelled packets therefore carries that interface's address, so the remote peer's policy and any firewall rules on the path must be written for that address rather than for the address of the interface the policy is attached to. If SRCINTERFACE is not specified, the router uses the interface given by the INTERFACE parameter of the policy as the source interface.

The syntax for these commands is now:

SET IPSEC POLICY=name [ACTION={DENY|IPSEC|PERMIT}]
    [BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET|COPY|CLEAR}]
    [GROUP={0|1|2}] [IPROUTETEMPLATE=template-name]
    [ISAKMPPOLICY=isakmp-policy-name] [LADDRESS={ANY|ipadd[-ipadd]}]
    [LMASK=ipadd] [LNAME={ANY|system-name}] [LPORT={ANY|OPAQUE|port}]
    [PEERADDRESS={ipadd|ANY|DYNAMIC}] [POSITION=pos]
    [RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}]
    [RPORT={ANY|port|OPAQUE}] [SRCINTERFACE=interface]
    [TRANSPORTPROTOCOL={ANY|EGP|ESP|GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}]
    [UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}]
    [USEPFSKEY={TRUE|FALSE}]

CREATE IPSEC POLICY=name INTERFACE=interface ACTION={DENY|IPSEC|PERMIT}
    [BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET|COPY|CLEAR}]
    [GROUP={0|1|2}] [IPROUTETEMPLATE=template-name]
    [ISAKMPPOLICY=isakmp-policy-name] [KEYMANAGEMENT={ISAKMP|MANUAL}]
    [LADDRESS={ANY|ipadd[-ipadd]}] [LMASK=ipadd] [LNAME={ANY|system-name}]
    [LPORT={ANY|OPAQUE|port}] [PEERADDRESS={ipadd|ANY|DYNAMIC}] [POSITION=pos]
    [RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}]
    [RPORT={ANY|port|OPAQUE}]
    [SASELECTORFROMPKT={ALL|LADDRESS|LPORT|NONE|RADDRESS|RPORT|TRANSPORTPROTOCOL}]
    [SRCINTERFACE=interface]
    [TRANSPORTPROTOCOL={ANY|EGP|ESP|GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}]
    [UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}]
    [USEPFSKEY={TRUE|FALSE}]

where:

interface is an interface name formed by joining a layer 2 interface type and an interface instance, optionally followed by a hyphen and a logical interface number in the range 0 to 15 (for example eth0, vlan1, ppp1-1).
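The following configuration script is an added worked example and is not taken from the release note. It builds an ISAKMP-keyed site-to-site tunnel on the WAN link ppp0 whose tunnelled packets are sourced from vlan1 (via SRCINTERFACE), next to an equivalent policy that omits SRCINTERFACE and is therefore sourced from ppp0 itself. Only the CREATE and SET IPSEC POLICY syntax comes from this page; the ENCO key, ISAKMP policy, SA specification and bundle specification commands, the policy names, and the addresses (documentation ranges) are assumptions based on the usual AlliedWare IPsec configuration sequence.

```text
# Added example, not part of the release note. The commands other than
# CREATE/SET IPSEC POLICY are assumed from the usual AlliedWare IPsec sequence;
# names and addresses are placeholders.
create enco key=1 type=general value="pre-shared-secret"
create isakmp policy="branch" peer=203.0.113.10 key=1
create ipsec saspecification=1 key=isakmp protocol=esp encalg=3desouter hashalg=sha
create ipsec bundlespecification=1 keymanagement=isakmp string="1"

# Policies on an interface are checked in order, so let ISAKMP (UDP 500)
# through in the clear before the tunnel policy is consulted.
create ipsec policy="isakmp" interface=ppp0 action=permit transportprotocol=udp lport=500 rport=500

# Tunnel policy on ppp0. SRCINTERFACE=vlan1 makes the outer IP header of the
# ESP packets carry vlan1's address, so the peer at 203.0.113.10 must be
# configured to expect that address as its tunnel endpoint.
create ipsec policy="branch-tunnel" interface=ppp0 action=ipsec keymanagement=isakmp bundlespecification=1 isakmppolicy="branch" peeraddress=203.0.113.10 srcinterface=vlan1
set ipsec policy="branch-tunnel" laddress=192.0.2.0 lmask=255.255.255.0 raddress=198.51.100.0 rmask=255.255.255.0

# The same policy without SRCINTERFACE: the source interface defaults to the
# policy's INTERFACE, here ppp0, so the outer source address is ppp0's address.
# (Shown for comparison; do not keep both policies for the same selectors.)
create ipsec policy="branch-tunnel-default" interface=ppp0 action=ipsec keymanagement=isakmp bundlespecification=1 isakmppolicy="branch" peeraddress=203.0.113.10
set ipsec policy="branch-tunnel-default" laddress=192.0.2.0 lmask=255.255.255.0 raddress=198.51.100.0 rmask=255.255.255.0

# Everything else leaving ppp0 that matched no earlier policy is sent in the clear.
create ipsec policy="internet" interface=ppp0 action=permit

enable isakmp
enable ipsec
```

When the source interface differs from the policy's INTERFACE, check that the return path is consistent: the peer must route to vlan1's address over the link the tunnel is attached to, and the firewall, if one is enabled, must have ESP (and ISAKMP) rules for that address rather than for ppp0's.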

Software Release 2.3.1 C613-10325-00 REV B
