Nortel Networks 608(WL), 620 manual Local match localmatch, Keyword Followed by a Network name

Models: 620 608(WL)


Local match [localmatch]

Chapter 6

Advanced Features

This setting is relevant in responder mode only.

It is optional. In a basic configuration it is left unset; when unset, the SpeedTouch™ uses its dynamic IPSec policy capabilities to complete this field. The ipsec connection advanced command group allows manual control over this parameter.

The localmatch expresses the traffic policy for access to the local private network in responder mode. It describes which IP addresses, address ranges or subnets at the local side have access to the Security Association. During the Phase 2 negotiations, the proposals of the remote peer (initiator) are compared with the contents of the localmatch parameter. As a result, a local traffic selector is derived in compliance with the local and remote traffic policies.

The valid values for the localmatch parameter are limited to specific keywords, optionally followed by a network name.

Keyword         Followed by a Network name
-------------   --------------------------------------------------------
exactly_        A symbolic name of a network descriptor, defined in the
one_of_         ipsec connection network command group.
subnet_of_
subrange_of_
black_ip        -

The meaning of the keywords is the following:

exactly_<network name>:

The proposal issued by the remote initiator must exactly match the network described by the symbolic network name. This network descriptor can designate an individual IP address, an IP address range, or an IP subnet. If the proposal of the remote initiator does not exactly match the designated net, then the local responder does not establish a Security Association.

one_of_<network name>:

The proposal of the remote initiator must contain an IP address that lies within the range described by the symbolic network name in order to successfully set up the Security Association.

subnet_of_<network name>:

The proposal of the remote initiator must contain a subnet that lies within the range described by the symbolic network name in order to successfully set up the Security Association.

subrange_of_<network name>:

The proposal of the remote initiator must contain a subrange that lies within the range described by the symbolic network name in order to successfully set up the Security Association.

black_ip:

The proposal of the remote initiator must contain the public IP address of the SpeedTouch™.
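The keyword semantics above can be checked mechanically. The following Python is an added example written for this page, not SpeedTouch firmware or a Nortel tool: it models a network descriptor or an initiator's Phase 2 proposal as an inclusive address interval with a shape (single host, range, or subnet) and decides, from the responder's point of view, whether a given localmatch value accepts a proposal. The network names "lan" and "servers", their addresses and the public address 203.0.113.7 are constructed sample values; the exact comparison rules (e.g. that exactly_ compares the covered addresses regardless of how they were written, and that one_of_ requires a single host address) are this example's reading of the text, not a statement about the device's implementation.

```python
import ipaddress
from dataclasses import dataclass

# Keyword -> shape the initiator's proposal must have.
# None means "any shape"; the covered addresses are then compared for equality.
KEYWORDS = (
    ("exactly_", None),
    ("one_of_", "host"),
    ("subnet_of_", "subnet"),
    ("subrange_of_", "range"),
)


@dataclass(frozen=True)
class Selector:
    """A traffic selector as an inclusive interval of IPv4/IPv6 address integers."""
    kind: str    # "host", "range" or "subnet"
    first: int
    last: int


def parse_selector(text: str) -> Selector:
    """Parse 'a.b.c.d', 'a.b.c.d-e.f.g.h' or 'a.b.c.d/len' into a Selector."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if lo.version != hi.version or int(hi) < int(lo):
            raise ValueError(f"invalid address range: {text}")
        return Selector("range", int(lo), int(hi))
    if "/" in text:
        net = ipaddress.ip_network(text, strict=True)   # reject prefixes with host bits set
        return Selector("subnet", int(net.network_address), int(net.broadcast_address))
    ip = ipaddress.ip_address(text)
    return Selector("host", int(ip), int(ip))


def _covered(inner: Selector, outer: Selector) -> bool:
    """True when every address of inner lies inside outer."""
    return outer.first <= inner.first and inner.last <= outer.last


def localmatch_accepts(localmatch: str, networks: dict, proposal: Selector, black_ip: str) -> bool:
    """Responder-side decision: does the initiator's Phase 2 proposal satisfy localmatch?

    networks maps symbolic network names (the 'ipsec connection network' descriptors)
    to Selectors; black_ip is the responder's own public address (assumed input).
    """
    if localmatch == "black_ip":
        return proposal.kind == "host" and proposal.first == int(ipaddress.ip_address(black_ip))
    for keyword, required_kind in KEYWORDS:
        if not localmatch.startswith(keyword):
            continue
        name = localmatch[len(keyword):]
        if name not in networks:
            raise KeyError(f"unknown network descriptor: {name}")
        local = networks[name]
        if keyword == "exactly_":
            # Any shape is fine, but the covered addresses must be identical.
            return proposal.first == local.first and proposal.last == local.last
        # one_of_ / subnet_of_ / subrange_of_: right shape AND fully inside the named network.
        return proposal.kind == required_kind and _covered(proposal, local)
    raise ValueError(f"unsupported localmatch value: {localmatch}")


if __name__ == "__main__":
    # Constructed sample configuration, not taken from any real device.
    networks = {
        "lan": parse_selector("10.0.1.0/24"),
        "servers": parse_selector("10.0.1.10-10.0.1.20"),
    }
    public_ip = "203.0.113.7"
    cases = [
        ("exactly_lan", "10.0.1.0/24"),
        ("exactly_lan", "10.0.1.0/25"),
        ("one_of_lan", "10.0.1.77"),
        ("one_of_lan", "10.0.2.1"),
        ("subnet_of_lan", "10.0.1.128/25"),
        ("subnet_of_lan", "10.0.1.5"),
        ("subrange_of_servers", "10.0.1.12-10.0.1.15"),
        ("subrange_of_servers", "10.0.1.12-10.0.1.30"),
        ("black_ip", public_ip),
    ]
    for localmatch, proposed in cases:
        verdict = localmatch_accepts(localmatch, networks, parse_selector(proposed), public_ip)
        print(f"{localmatch:22} proposal {proposed:24} -> {'SA allowed' if verdict else 'rejected'}")
```

The design choice worth noting is that shape and coverage are checked separately: a single host that happens to lie inside the LAN is rejected by subnet_of_lan, and a range that spills one address past the "servers" descriptor is rejected by subrange_of_servers, which is the behaviour the keyword descriptions above require of the responder.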

E-DOC-CTC-20051017-0169 v0.1

215
