CHAPTER 33: IPSEC SERVICE PARAMETERS

UDP [(<src_port>, <dst_port>)...up to 16 pairs]

<encrypt_algorithm> : 3DES2key DES RC5

<auth_algorithm> : MD5 SHA

<portlist>: 1-65535 * Archie DNS Finger FTP FTPData Gopher HTTP NFS NNTP NTP POP2 POP3 PortMap RIP SMTP SNMP SNMPTrap Syslog Telnet TFTP WAIS

DELete !<portlist> -IPSEC POLicy (<policy_name> ALL)

SHow !<portlist> -IPSEC POLicy [<policy_name>]

Default encrypt_algorithm = DES, auth_algorithm = MD5

Single DES and MD5 are the weakest of the listed options; specify 3DES2key and SHA explicitly where the peer supports them rather than relying on the defaults.

Description The manualPOLicy parameter adds IPSEC policies to a port. You must enable the IPSEC CONTrol parameter on the port for policies to be active. You can add more than one policy on a port. If more than one policy applies to a packet, the last policy entered is used; the order in which you add policies therefore matters more than how specific they are.

A manual policy consists of an action, the packet types that require the action, and the source and destination addresses between which the action occurs. You must also use the SETDefault command with the ManualKeyInfo parameter.

The “mask” portion of the <src_ipaddr/mask> and <dst_ipaddr/mask> parameters is only used for special configurations and is normally not included. The <src_ipaddr> parameter will normally be one of the router’s IP addresses. The <dst_ipaddr> parameter will normally be one of the peer system’s local IP addresses. Alternatively, DYNamic can be specified instead of <dst_ipaddr> when the destination IP address of the peer system is not known when the policy is configured. This would apply in cases where the peer system’s IP address is assigned dynamically using IPCP or DHCP.

It is recommended that IPSEC control or the PORT service control be disabled while configuring policies and enabled only after all IPSEC policy and key set configuration has been completed.

This command can be executed by users with network manager privileges only.

Values

policy_name
    A name you assign to the policy you are adding. <policy_name> can be 1 to 15 characters long, but cannot be all or ALL.

src_ipaddr/mask, dst_ipaddr/mask, DYNamic
    The source and destination addresses of the packets. You can specify either a single address or a range of addresses using a mask. You can specify DYNamic if you do not know the destination address, for example, if the peer system’s IP address is assigned dynamically using IPCP or DHCP.
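The following is an added example, not 3Com code and not something that runs on the router. It models the policy rules this section states (name length and the reserved words all/ALL, single address versus masked range, DYNamic for an unknown peer address, up to 16 UDP port pairs, and last-policy-entered-wins) so that the effect of ordering can be checked before the policies are typed in. Two things are assumptions rather than statements from the manual: that DYNamic matches any destination address, and that the service keywords map to their IANA port numbers (only part of the keyword list is included).

```python
"""Model of the IPSEC manual-policy rules stated in this section (added example,
not 3Com code; it does not run on the router). Encoded rules: policy names are
1 to 15 characters and not 'all'/'ALL'; an address is a single host or a range
given as <ipaddr>/<mask>; DYNamic stands in for a peer address unknown at
configuration time; up to 16 UDP (<src_port>, <dst_port>) pairs; and when more
than one policy on a port matches, the LAST one entered is used. Assumed, not
from the manual: DYNamic matches any destination, and the service keywords map
to their IANA port numbers (only some of the keywords are listed here).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

SERVICE_PORTS = {"FTPData": 20, "FTP": 21, "Telnet": 23, "SMTP": 25, "DNS": 53,
                 "TFTP": 69, "HTTP": 80, "POP3": 110, "NTP": 123, "SNMP": 161,
                 "SNMPTrap": 162, "Syslog": 514}
ENCRYPT_ALGORITHMS = ("3DES2key", "DES", "RC5")
AUTH_ALGORITHMS = ("MD5", "SHA")


def validate_policy_name(name: str) -> str:
    """<policy_name>: 1 to 15 characters, and not the reserved words all/ALL."""
    if not 1 <= len(name) <= 15:
        raise ValueError("policy_name must be 1 to 15 characters long")
    if name in ("all", "ALL"):
        raise ValueError("policy_name cannot be all or ALL")
    return name


def parse_port(spec: str) -> Optional[int]:
    """A port token: 1-65535, a service keyword, or '*' (wildcard, returned as None)."""
    if spec == "*":
        return None
    if spec in SERVICE_PORTS:
        return SERVICE_PORTS[spec]
    port = int(spec)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {spec}")
    return port


def parse_address(spec: str) -> Optional[ipaddress.IPv4Network]:
    """'<ipaddr>' -> /32 host; '<ipaddr>/<mask>' -> range; 'DYNamic' -> None."""
    if spec.upper() == "DYNAMIC":
        return None
    return ipaddress.IPv4Network(spec, strict=False)


@dataclass(frozen=True)
class ManualPolicy:
    name: str
    src: str                        # <src_ipaddr>[/mask], normally a router address
    dst: str                        # <dst_ipaddr>[/mask] or DYNamic (the peer)
    udp_pairs: Tuple[Tuple[str, str], ...] = ()
    encrypt_algorithm: str = "DES"  # manual default
    auth_algorithm: str = "MD5"     # manual default

    def __post_init__(self):
        validate_policy_name(self.name)
        if parse_address(self.src) is None:
            raise ValueError("DYNamic is only valid for the destination address")
        if len(self.udp_pairs) > 16:
            raise ValueError("the UDP selector allows up to 16 port pairs")
        if self.encrypt_algorithm not in ENCRYPT_ALGORITHMS:
            raise ValueError(f"unknown encrypt_algorithm: {self.encrypt_algorithm}")
        if self.auth_algorithm not in AUTH_ALGORITHMS:
            raise ValueError(f"unknown auth_algorithm: {self.auth_algorithm}")

    def matches(self, src_ip, dst_ip, udp=None) -> bool:
        """Does a packet (addresses plus optional UDP (src, dst) ports) fall under this policy?"""
        src_net, dst_net = parse_address(self.src), parse_address(self.dst)
        if ipaddress.IPv4Address(src_ip) not in src_net:
            return False
        if dst_net is not None and ipaddress.IPv4Address(dst_ip) not in dst_net:
            return False
        if not self.udp_pairs:
            return True          # no UDP selector: all traffic between the addresses
        if udp is None:
            return False         # UDP-only policy, non-UDP packet
        for want_src, want_dst in self.udp_pairs:
            ws, wd = parse_port(want_src), parse_port(want_dst)
            if (ws is None or ws == udp[0]) and (wd is None or wd == udp[1]):
                return True
        return False


def select_policy(policies: Sequence[ManualPolicy], src_ip, dst_ip, udp=None):
    """The policy the router applies: the last one entered among those that match."""
    chosen = None
    for policy in policies:  # in the order they were added to the port
        if policy.matches(src_ip, dst_ip, udp):
            chosen = policy
    return chosen


# Constructed scenario: a host-specific policy with the stronger algorithms for
# syslog to the peer's log host, plus a catch-all policy for the peer subnet.
LOGHOST = ManualPolicy("loghost", "192.0.2.1", "198.51.100.10", udp_pairs=(("*", "Syslog"),),
                       encrypt_algorithm="3DES2key", auth_algorithm="SHA")
SUBNET = ManualPolicy("peersubnet", "192.0.2.1", "198.51.100.0/255.255.255.0")
```

With the policies entered as `[LOGHOST, SUBNET]`, a syslog packet to 198.51.100.10 selects `peersubnet` (DES/MD5) even though `loghost` is more specific, because `peersubnet` was entered last; entering them as `[SUBNET, LOGHOST]` makes syslog to the log host select `loghost` while other hosts in the subnet still fall under `peersubnet`. A policy with a DYNamic destination entered last will likewise shadow every earlier policy for the same source address.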
