Paradyne 1754 manual Create IPSec SA

Option

Description

Default value

interface name

Name of the interface

n/a

Selector name

Name of the selector

n/a

Policy log

Enables or disables the status of the IPsec policy log.

false

Policy status

Enables or disables the status of the IPsec policy.

false

Policy priority

The priority for the policy lookup. A lower priority value

n/a

means that this policy will be searched before a policy

with a higher priority value. The priority value should be

between 1 and 65565 inclusive, but it cannot be set to

255 or 256. These values are reserved for dynamic

policies.

e.g. 1.

Policy action

The action specified by the policy (deny, bypass or

bypass

applyipsec)

IPsec Policy Stats

statistics about the number of inbound and outbound

n/a

for policy

packets that match a specific IPsec policy.

Complex SABundle

This option is only relevant if applyipsec has been

false

selected. It is used to control the interpretation of

two tunnel mode SAs in an SA bundle as follows:

When two tunnel-mode SAs (SA1 and SA2) in a

bundle have the same local and peer end points and

complexsabundle is set to disable, then apart from

IPsec headers, only one new IP header is added on to

the original packet. For example, for an AH tunnel

- ESP tunnel SA bundle, the packet formed would

be as follows:

IP-AH-ESP-[IP_internal+Upper layer]

If complexsabundle is set to enable, the packet

formed would be as follows:

IP-AH-IP-ESP-[IP_internal+Upper layer]

Prefer Old Flag

When set to enable, this option specifies whether to

false

prefer the DYING SAs over MATURE SAs. When set to

disable, MATURE SAs are preferred instead. This

option is only applicable if your image supports IKE.

80

June 2005

1752-A2-GB20-00