
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers


RouterOS v3 Configuration and User Guide


large packets with the don't-fragment flag will not be able to pass the router

inherit - do not change the field

set - set the field, so that each packet matching the rule will not be fragmented. Not recommended

dst-address (IP address/netmask:port; default: 0.0.0.0/32:any) - destination IP address

dynamic (read-only: flag) - whether the rule has been created dynamically

in-accepted(integer) - how many incoming packets were passed through by the policy without an attempt to decrypt

in-dropped(integer) - how many incoming packets were dropped by the policy without an attempt to decrypt

in-transformed(integer) - how many incoming packets were decrypted (ESP) and/or verified (AH) by the policy

inactive (read-only: flag) - whether the rule is inactive (it may become inactive due to some misconfiguration)

ipsec-protocols (multiple choice: ah esp; default: esp) - specifies what combination of Authentication Header and Encapsulating Security Payload protocols you want to apply to matched traffic. AH is applied after ESP, and in case of tunnel mode ESP will be applied in tunnel mode and AH in transport mode

level (unique require use; default: require) - specifies what to do if some of the SAs for this policy cannot be found:

use - skip this transform, do not drop the packet and do not acquire an SA from the IKE daemon

require - drop the packet and acquire an SA

unique - drop the packet and acquire a unique SA that is only used with this particular policy

manual-sa (name; default: none) - name of the manual-sa template that will be used to create SAs for this policy

none - no manual keys are set

out-accepted(integer) - how many outgoing packets were passed through by the policy without an attempt to encrypt

out-dropped(integer) - how many outgoing packets were dropped by the policy without an attempt to encrypt

out-transformed (integer) - how many outgoing packets were encrypted (ESP) and/or signed (AH)

ph2-state (read-only: expired no-phase2 established) - indication of the progress of key establishment:

expired - there are some leftovers from the previous phase 2. In general it is similar to no-phase2

no-phase2 - no keys are established at the moment

established - appropriate SAs are in place and everything should be working fine

priority (integer; default: 0) - policy ordering classifier (signed integer). A larger number means higher priority

proposal (name; default: default) - name of proposal information that will be sent by IKE daemon to establish SAs for this policy

protocol (name integer; default: all) - IP packet protocol to match

sa-dst-address(IP address; default: 0.0.0.0) - SA destination IP address (remote peer)

sa-src-address(IP address; default: 0.0.0.0) - SA source IP address (local peer)

src-address(IP address/netmask:port; default: 0.0.0.0/32:any) - source IP address

tunnel (yes no; default: no) - specifies whether to use tunnel mode


All packets are IPIP encapsulated in tunnel mode, and their new IP header src-address and dst-address are set to the sa-src-address and sa-dst-address values of this policy. If you do not use tunnel mode (i.e. you use transport mode), then only packets whose source and destination addresses are the same as sa-src-address and sa-dst-address can be processed by this policy. Transport mode can only work with packets that originate at and are destined for IPsec peers (hosts that established security associations). To encrypt traffic between networks (or a network and a host) you have to use tunnel mode.

It is good to have dont-fragment cleared because encrypted packets are always bigger than the original and thus may need fragmentation.

If you are using IKE to establish SAs automatically, then policies on both routers must exactly match each other, i.e. src-address=1.2.3.0/27 on one router and dst-address=1.2.3.0/28 on another would not work. Source address values on one router MUST be equal to destination address values on the other one, and vice versa.
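The following is an added example, not part of the manual or of RouterOS itself: a small Python pre-flight check that compares the policy on one router with the policy on its peer and reports the mismatches described above (selectors not mirrored, SA addresses not swapped, mode or protocol set differing, transport-mode selectors that cannot match the peers, and dont-fragment forced to set). The dict keys follow the property names on this page; the dict layout and the sample addresses are assumptions constructed for the example.

```python
from ipaddress import ip_address, ip_network

def parse_selector(field):
    """Split a 'address/netmask:port' selector into (network, port)."""
    net, sep, port = field.rpartition(":")
    if not sep:  # no port given: treat as 'any'
        net, port = field, "any"
    return ip_network(net, strict=False), port

def check_peer_policies(local, remote):
    """Return the mismatches that would keep IKE from negotiating SAs.

    Policies are plain dicts keyed by the property names on this page
    (a hypothetical representation, not RouterOS's own export format).
    """
    problems = []
    # Selectors must mirror exactly: same network AND same prefix length.
    if parse_selector(local["src-address"]) != parse_selector(remote["dst-address"]):
        problems.append("src-address on local router != dst-address on remote")
    if parse_selector(local["dst-address"]) != parse_selector(remote["src-address"]):
        problems.append("dst-address on local router != src-address on remote")
    # SA endpoints must be swapped between the two peers.
    if (local["sa-src-address"], local["sa-dst-address"]) != (
            remote["sa-dst-address"], remote["sa-src-address"]):
        problems.append("sa-src-address/sa-dst-address are not swapped between peers")
    # Mode and protocol set must agree on both sides.
    for key in ("tunnel", "ipsec-protocols"):
        if local.get(key) != remote.get(key):
            problems.append(f"{key} differs between peers")
    # Transport mode only processes packets exchanged between the peers
    # themselves, so each selector must cover the matching SA address.
    if local.get("tunnel") == "no":
        for sel, sa in (("src-address", "sa-src-address"), ("dst-address", "sa-dst-address")):
            if ip_address(local[sa]) not in parse_selector(local[sel])[0]:
                problems.append(f"transport mode: {sel} does not cover {sa}, nothing will match")
    # Encrypted packets grow, so forcing DF breaks large packets.
    if local.get("dont-fragment") == "set":
        problems.append("dont-fragment=set: large packets will not pass after encapsulation")
    return problems

# Constructed sample policies for two peers (not from any real deployment).
ROUTER_A = {"src-address": "10.1.0.0/24:any", "dst-address": "10.2.0.0/24:any",
            "sa-src-address": "192.0.2.1", "sa-dst-address": "198.51.100.1",
            "tunnel": "yes", "ipsec-protocols": "esp", "dont-fragment": "clear"}
ROUTER_B_OK = {"src-address": "10.2.0.0/24:any", "dst-address": "10.1.0.0/24:any",
               "sa-src-address": "198.51.100.1", "sa-dst-address": "192.0.2.1",
               "tunnel": "yes", "ipsec-protocols": "esp", "dont-fragment": "clear"}
# The mistake the manual warns about: prefix lengths that do not mirror each other.
ROUTER_B_BAD = dict(ROUTER_B_OK, **{"dst-address": "10.1.0.0/25:any"})
```

Running `check_peer_policies(ROUTER_A, ROUTER_B_OK)` returns an empty list, while the `/25` variant reports the unmirrored src-address selector.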
