3Com 11.1 Policyname Name you assign to the policy you are adding, Be all or ALL, Srcipaddr/mask


CHAPTER 33: IPSEC SERVICE PARAMETERS

UDP [(<src_port>, <dst_port>)...up to 16 pairs]

<encrypt_algorithm> : 3DES2key DES RC5

<auth_algorithm> : MD5 SHA

<portlist> : 1-65535 * Archie DNS Finger FTP FTPData Gopher HTTP NFS NNTP NTP POP2 POP3 PortMap RIP SMTP SNMP SNMPTrap Syslog Telnet TFTP WAIS

DELete !<portlist> -IPSEC POLicy (<policy_name> ALL)

SHow !<portlist> -IPSEC POLicy [<policy_name>]

Default encrypt_algorithms = DES

auth_algorithms = MD5

Description The manualPOLicy parameter adds IPSEC policies to a port. You must enable the IPSEC CONTrol parameter on the port for policies to be active. You can add more than one policy on a port. If more than one policy applies, the last policy entered is used.

A manual policy consists of an action, the packet types that require the action, and the source and destination addresses between which the action occurs. You must also use the SETDefault command with the ManualKeyInfo parameter.

The “mask” portion of the <src_ipaddr/mask> and <dst_ipaddr/mask> parameters is only used for special configurations and is normally not included. The <src_ipaddr> parameter will normally be one of the router’s IP addresses. The <dst_ipaddr> parameter will normally be one of the peer system’s local IP addresses. Alternatively, DYNamic can be specified instead of <dst_ipaddr> when the destination IP address of the peer system is not known when the policy is configured. This would apply in cases where the peer system’s IP address is assigned dynamically using IPCP or DHCP.

It is recommended that IPSEC control or the PORT service control be disabled while configuring policies and enabled only after all IPSEC policy and key set configuration has been completed.

This command can be executed by users with network manager privileges only.

Values

policy_name
    A name you assign to the policy you are adding. <policy_name> can be 1 to 15 characters long, but cannot be all or ALL.

src_ipaddr/mask, dst_ipaddr/mask, DYNamic
    The source and destination addresses of the packets. You can specify either a single address or a range of addresses using a mask. You can specify DYNamic if you do not know the destination address, for example, if the system’s IP address is assigned dynamically using IPCP or DHCP.
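
The value constraints and the "last policy entered is used" rule described above can be checked offline when auditing a saved policy list. The following is an added example, not 3Com code: it models policies as Python records rather than parsing router command syntax, assumes the mask is written in prefix or netmask form, does not model DYNamic, and uses constructed sample addresses.

```python
import ipaddress
from dataclasses import dataclass

ENCRYPT = {"3DES2key", "DES", "RC5"}   # <encrypt_algorithm> values listed on the page
AUTH = {"MD5", "SHA"}                  # <auth_algorithm> values listed on the page

@dataclass
class Policy:
    name: str
    src: str                 # address or address/mask (assumed prefix or netmask form)
    dst: str                 # address or address/mask
    encrypt: str = "DES"     # default stated on the page
    auth: str = "MD5"        # default stated on the page

def validate(p):
    """Return the list of constraints from the page that policy p violates."""
    errs = []
    if not 1 <= len(p.name) <= 15:
        errs.append("policy_name must be 1 to 15 characters")
    if p.name in ("all", "ALL"):
        errs.append("policy_name cannot be all or ALL")
    if p.encrypt not in ENCRYPT:
        errs.append(f"unknown encrypt_algorithm {p.encrypt}")
    if p.auth not in AUTH:
        errs.append(f"unknown auth_algorithm {p.auth}")
    return errs

def _covers(spec, addr):
    # A bare address becomes a single-host network; a mask widens it to a range.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def effective(policies, src, dst):
    """Return (winner, shadowed): the last matching policy in entry order wins."""
    hits = [p for p in policies if _covers(p.src, src) and _covers(p.dst, dst)]
    return (hits[-1], hits[:-1]) if hits else (None, [])

# Constructed sample policies, in the order they were entered on the port.
POLICIES = [
    Policy("hq-strong", "10.1.1.1", "192.0.2.10", "3DES2key", "SHA"),
    Policy("branch-any", "10.1.1.1", "192.0.2.0/24"),   # takes the DES/MD5 defaults
]

if __name__ == "__main__":
    win, shadowed = effective(POLICIES, "10.1.1.1", "192.0.2.10")
    print("effective:", win.name, win.encrypt, win.auth)
    print("shadowed:", [p.name for p in shadowed])
```

With this sample, the later and broader branch-any entry wins for 192.0.2.10, so that traffic is protected with the DES/MD5 defaults rather than the 3DES2key/SHA chosen in hq-strong.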

NETBuilder Family Software Version 11.1 Release Notes, 3Com Corporation, Bayfront Plaza, Santa Clara, California 95052-8145