Enhancements to IPsec/VPN

Release Note

set ipsec policy

Syntax

SET IPSec POLIcy=name
    [ACtion={DEny|IPSec|PErmit}]
    [BUNDlespecification=bundlespecification-id]
    [DFBit={SEt|COpy|CLear}]
    [GROup={0|1|2}]
    [ICmptype={list|NDall}]
    [IPROUtetemplate=template-name]
    [IPVersion={4|6}]
    [ISAkmppolicy=isakmp-policy-name]
    [LADdress={ANy|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [LMAsk=ipv4add]
    [LNAme={ANy|system-name}]
    [LPort={ANy|OPaque|port}]
    [PEERaddress={ipv4add|ipv6add|ANy|DYNAMIC}]
    [PKTDebuglength=1..1500]
    [POSition=1..100]
    [RADdress={ANy|ipv4add[-ipv4add]|ipv6add[/prefix-length]|ipv6add-ipv6add}]
    [RESPondbadspi={True|False}]
    [RMASK=ipv4add]
    [RNAme={ANy|system-name}]
    [RPort={ANy|port|OPaque}]
    [SASElectorfrompkt={ALL|LADdress|LPort|NONE|RADdress|RPort|TRAnsportprotocol}]
    [SRCInterface=interface]
    [TRAnsportprotocol={ANy|EGp|ESp|GRe|ICmp|OPaque|OSpf|RSvp|TCp|UDp|protocol}]
    [UDPHeartbeat={True|False}]
    [UDPPort=port]
    [UDPTunnel={True|False}]
    [USEPFSKey={True|False}]

Parameter: RESPondbadspi

Description: Whether the router or switch sends a notification to the peer when an IPsec packet is received with an unknown SPI value. This establishes an ISAKMP SA to the sending peer. An initial contact notification message is then sent, which tells the peer to delete SAs associated with the router or switch.

This command is only valid when the action parameter is set to ipsec, the keymanagement parameter is set to isakmp, and the peeraddress parameter is set to an IPv4 address. Messages will only be sent if the ISAKMP policy for this peer has the mode parameter set to main and the sendnotify parameter set to true.

Default: false

    False   A notification is not sent.
    True    A notification is sent.
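The preconditions above are easy to miss in a configuration review, so the following added example (not part of the release note or the vendor's software) checks whether respondbadspi=true would actually cause notifications to be sent. It assumes parameters are written with their full names and given explicitly, since this page does not state the other parameters' defaults; the parameter strings and the function names are constructed for illustration and are not complete commands.

```python
import ipaddress

def parse_params(text):
    """Split a string of key=value parameters into a lowercase dict."""
    params = {}
    for token in text.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key.lower()] = value.lower()
    return params

def is_ipv4(value):
    """True only for a literal IPv4 address (not any, dynamic or IPv6)."""
    try:
        return isinstance(ipaddress.ip_address(value), ipaddress.IPv4Address)
    except ValueError:
        return False

def respondbadspi_blockers(ipsec_text, isakmp_text):
    """Return the reasons no bad-SPI notification would be sent (empty list = effective)."""
    ipsec, isakmp = parse_params(ipsec_text), parse_params(isakmp_text)
    reasons = []
    if ipsec.get("respondbadspi", "false") != "true":
        reasons.append("respondbadspi is not true (default: false)")
    if ipsec.get("action") != "ipsec":
        reasons.append("action must be ipsec")
    if ipsec.get("keymanagement") != "isakmp":
        reasons.append("keymanagement must be isakmp")
    if not is_ipv4(ipsec.get("peeraddress", "")):
        reasons.append("peeraddress must be an IPv4 address")
    if isakmp.get("mode") != "main":
        reasons.append("ISAKMP policy mode must be main")
    if isakmp.get("sendnotify") != "true":
        reasons.append("ISAKMP policy sendnotify must be true")
    return reasons

# Constructed sample parameter strings (hypothetical policy names, documentation address).
GOOD_IPSEC = "policy=branch action=ipsec keymanagement=isakmp peeraddress=192.0.2.10 respondbadspi=true"
GOOD_ISAKMP = "policy=branch_ike mode=main sendnotify=true"
BAD_IPSEC = "policy=roaming action=ipsec keymanagement=isakmp peeraddress=dynamic respondbadspi=true"
BAD_ISAKMP = "policy=roaming_ike mode=aggressive sendnotify=true"

if __name__ == "__main__":
    for ipsec_text, isakmp_text in ((GOOD_IPSEC, GOOD_ISAKMP), (BAD_IPSEC, BAD_ISAKMP)):
        print(respondbadspi_blockers(ipsec_text, isakmp_text) or "notifications will be sent")
```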
Software Version 2.8.1 C613-10477-00 REV B

Allied Telesis RAPIER I, X900-48FE, AT-8900, AT-8700XL, AT-9900, AT-8600, AT-9800, AT-8800 manual Set ipsec policy, RESPondbadspi