5.3.3.1. IP Security Feature
The IP Security feature can be used to restrict unauthorized IP
addresses from establishing a connection with the IPS-15. In the
default state, the IPS accepts incoming IP connections from all
hosts. To configure the IP Security feature, proceed as follows:
1. Accessthe IP Security Menu:
a) Web Browser Interface: The IP Security feature is
configured using the fields at the bottom of the Network
Parameters Menu as shown in Figure 5.7.
b) TextInterface: Go to the Network Parameters menu
(/N), type 5and press [Enter]. The IP Security menu
will be displayed as shown in Figure 5.9.
2. TheIP Security menu lists five IP Security "masks" along
with the selected permit/deny action for each mask.
a) Each Security Mask prompt defines a specific IP address
or range of addresses. Each Mask Action prompt defines
the permit/deny action for the corresponding mask.
b) Masks are listed in order of ascending priority; Mask 1
has the lowest priority, Mask 5 has the highest priority.
c) Masks have a cumulative effect; high priority masks
supersede the effect of lower priority masks.
d) Each IP Address consists of a series of four eight bit
numbers. The number 255 is used as a wild card.
Example 1: Deny access to all hosts except 192.1.1.5:
Security Mask #1: 255.255.255.255 Mask #1 Action: Deny
Security Mask #2: 192.1.1.5 Mask #2 Action: Permit
Since 255 is a wild card, Mask #1 blocks all IP Addresses. Mask #2
then specifically grants access to 192.1.1.5 only.
Example 2: Allow access only by addresses that begin with 192.
Security Mask #1: 255.255.255.255 Mask #1 Action: Deny
Security Mask #2: 192.255.255.255 Mask #2 Action: Permit
Since 255 is a wild card, Mask 1 blocks all IP addresses. Mask 2
then grants access to all addresses that begin with 192.