1752 and 1754 SHDSL Router User’s Guide
Option Description Default value interface name Name of the interface n/a
Selector name Name of the selector n/a
Policy log Enables or disables the status of the IPsec policy log. false
Policy status Enables or disables the status of the IPsec policy. false
Policy priority The priority for the policy lookup. A lower priority value
means that this policy will be searched before a policy
with a higher priority value. The priority value should be
between 1 and 65565 inclusive, but it cannot be set to
255 or 256. These values are reserved for dynamic
policies.
e.g. 1.
n/a
Policy action The action specified by the policy (deny, bypass or
applyipsec)
bypass
IPsec Policy Stats
for policy
statistics about the number of inbound and outbound
packets that match a specific IPsec policy.
n/a
Complex SABundle This option is only relevant if applyipsec has been
selected. It is used to control the interpretation of
two tunnel mode SAs in an SA bundle as follows:
When two tunnel-mode SAs (SA1 and SA2) in a
bundle have the same local and peer end points and
complexsabundle is set to disable, then apart from
IPsec headers, only one new IP header is added on to
the original packet. For example, for an AH tunnel
- ESP tunnel SA bundle, the packet formed would
be as follows:
IP-AH-ESP-[IP_internal+Upper layer]
If complexsabundle is set to enable, the packet
formed would be as follows:
IP-AH-IP-ESP-[IP_internal+Upper layer]
false
Prefer Old Flag When set to enable, this option specifies whether to
prefer the DYING SAs over MATURE SAs. When set to
disable, MATURE SAs are preferred instead. This
option is only applicable if your image supports IKE.
false
Step 4: Create IPSec SA After successfully creating a new IPSec Policy, click on the Create IPSec SA link in step 4, and then Create IPSec SA page is shown as follows: 80 June 2005 1752-A2-GB20-00