Allied Telesis AT-AR300 Network Router User Manual


 
Software Release 2.3.1
C613-10325-00 REV B
IP Security (IPsec) Source Interface and Enhancements
A source interface can now be specified for tunnelled IPsec traffic. IPsec
performance is also improved, and more simultaneous IPsec tunnels are
supported, because the number of ENCO channels has been increased.
A new SRCINTERFACE parameter has been added to the SET and CREATE
IPSEC POLICY commands. The SRCINTERFACE parameter specifies which
interface on the router is used as the source interface for tunnelled IPsec
traffic. If the SRCINTERFACE parameter is not specified, the router uses the
interface given by the INTERFACE parameter.
The syntax for these commands is now:
SET IPSEC POLICY=name [ACTION={DENY|IPSEC|PERMIT}]
[BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET|COPY|CLEAR}]
[GROUP={0|1|2}] [IPROUTETEMPLATE=template-name]
[ISAKMPPOLICY=isakmp-policy-name] [LADDRESS={ANY|ipadd[-ipadd]}]
[LMASK=ipadd] [LNAME={ANY|system-name}] [LPORT={ANY|OPAQUE|port}]
[PEERADDRESS={ipadd|ANY|DYNAMIC}] [POSITION=pos]
[RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}]
[RPORT={ANY|port|OPAQUE}] [SRCINTERFACE=interface]
[TRANSPORTPROTOCOL={ANY|EGP|ESP|GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}]
[UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}]
[USEPFSKEY={TRUE|FALSE}]

CREATE IPSEC POLICY=name INTERFACE=interface ACTION={DENY|IPSEC|PERMIT}
[BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET|COPY|CLEAR}]
[GROUP={0|1|2}] [IPROUTETEMPLATE=template-name]
[ISAKMPPOLICY=isakmp-policy-name] [KEYMANAGEMENT={ISAKMP|MANUAL}]
[LADDRESS={ANY|ipadd[-ipadd]}] [LMASK=ipadd] [LNAME={ANY|system-name}]
[LPORT={ANY|OPAQUE|port}] [PEERADDRESS={ipadd|ANY|DYNAMIC}] [POSITION=pos]
[RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}]
[RPORT={ANY|port|OPAQUE}]
[SASELECTORFROMPKT={ALL|LADDRESS|LPORT|NONE|RADDRESS|RPORT|TRANSPORTPROTOCOL}]
[SRCINTERFACE=interface]
[TRANSPORTPROTOCOL={ANY|EGP|ESP|GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}]
[UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}]
[USEPFSKEY={TRUE|FALSE}]
where:
interface is an interface name formed by joining a layer 2 interface type, an
interface instance, and optionally a hyphen followed by a logical interface
number in the range 0 to 15 (e.g. eth0, vlan1, ppp1-1).
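The source interface chosen for a tunnel determines which router address the
peer sees and which interface-level rules the encapsulated traffic is subject
to, so an auditor reviewing a saved configuration will want to know the
effective source interface of every policy. The following Python script is an
added example, not part of this manual or of the router software: it parses
CREATE/SET IPSEC POLICY command lines, applies the SRCINTERFACE-then-INTERFACE
default described above, and checks interface names against the naming rule
(type, instance, optional "-" and a logical number 0 to 15). The list of layer
2 interface types, the policy names and the addresses in the sample commands
are assumptions constructed for the example.

```python
import re

# Interface name rule from the manual: a layer 2 interface type, an instance
# number, and optionally "-" plus a logical interface number in the range 0-15
# (e.g. eth0, vlan1, ppp1-1). The set of layer 2 types below is an assumption
# made for this example, not a list taken from the manual.
LAYER2_TYPES = ("eth", "vlan", "ppp", "fr", "bri", "pri")
INTERFACE_RE = re.compile(r"^(?P<type>[a-z]+)(?P<instance>\d+)(?:-(?P<logical>\d+))?$")


def is_valid_interface(name):
    """Return True if name follows the interface naming rule quoted above."""
    m = INTERFACE_RE.match(name.lower())
    if m is None or m.group("type") not in LAYER2_TYPES:
        return False
    logical = m.group("logical")
    return logical is None or 0 <= int(logical) <= 15


def parse_policy_command(line):
    """Split a CREATE/SET IPSEC POLICY command into a dict keyed by upper-case
    parameter name. Values are kept exactly as written on the command line."""
    tokens = line.split()
    if (len(tokens) < 3 or tokens[0].upper() not in ("CREATE", "SET")
            or tokens[1].upper() != "IPSEC"
            or not tokens[2].upper().startswith("POLICY=")):
        raise ValueError("not a CREATE/SET IPSEC POLICY command: %r" % line)
    params = {"VERB": tokens[0].upper()}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError("parameter without a value: %r" % tok)
        params[key.upper()] = value
    return params


def effective_source_interface(params):
    """Apply the manual's default: SRCINTERFACE if given, otherwise INTERFACE."""
    src = params.get("SRCINTERFACE", params.get("INTERFACE"))
    if src is None:
        raise ValueError("policy has neither SRCINTERFACE nor INTERFACE")
    if not is_valid_interface(src):
        raise ValueError("invalid interface name: %r" % src)
    return src.lower()


# Constructed sample commands for this example (not from the manual); policy
# names and addresses are placeholders. The third one carries a logical
# interface number outside the documented 0-15 range.
SAMPLE_COMMANDS = [
    "CREATE IPSEC POLICY=branch1 INTERFACE=ppp0 ACTION=IPSEC KEYMANAGEMENT=ISAKMP "
    "ISAKMPPOLICY=ike1 BUNDLESPECIFICATION=1 PEERADDRESS=192.0.2.1 "
    "LADDRESS=10.0.1.0 LMASK=255.255.255.0 RADDRESS=10.0.2.0 RMASK=255.255.255.0 "
    "SRCINTERFACE=vlan1",
    "CREATE IPSEC POLICY=internet INTERFACE=ppp0 ACTION=PERMIT",
    "CREATE IPSEC POLICY=bad INTERFACE=ppp0 ACTION=IPSEC SRCINTERFACE=vlan1-16",
]


def audit(commands):
    """Return {policy name: effective source interface, or an error message}."""
    report = {}
    for line in commands:
        params = parse_policy_command(line)
        name = params["POLICY"]
        try:
            report[name] = effective_source_interface(params)
        except ValueError as exc:
            report[name] = "ERROR: " + str(exc)
    return report


if __name__ == "__main__":
    for name, result in audit(SAMPLE_COMMANDS).items():
        print("%-10s -> %s" % (name, result))
```

The script only resolves the source interface and validates its name; it does
not check the other parameters against the syntax above, and it treats a
SRCINTERFACE whose logical number falls outside 0 to 15 as a configuration
error rather than silently falling back to INTERFACE.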