Cisco Packet Data Gateway (PDG) Fact Sheet
Access Control
Access Control via Blacklist or Whitelist
Cisco StarOS IP Security (IPSec) Reference
143
Blacklist and Whitelist File Format
File Format and Content
The blacklist/whitelist file can be in DOS or Unix format. DOS files will be internally converted to Unix format before
being read.
The file contents should follow the standard format described below. Each entry in the blacklist/whitelist file should
contain the ID type so that the validation is performed for that ID type. The ID type and ID value in each entry should
be separated by a space.
Important:
No other file types or formats are supported.
The sample file content is shown below.
# IP address IDS
ipv4 "33.33.33.1"
ipv4 "66.66.66.1"
ipv6 "11::1"
# FQDN IDs
fqdn "LS1-0.cisco.com"
# Email ID
email "user@sample.com"
# Distinguished Name ID
dn "C=US,ST=CA,L=SanJose,O=Cisco,OU=SMBU,CN=ixia.organization.bu.org"
Supported IKE ID Types
The following IKE ID types are supported in a blacklist or whitelist:
ID_IPV4_ADDR (IPv4 address in dotted-decimal notation)
ID_FQDN (Fully Qualified Domain Name)
ID_RFC822_ADDR (Email address)
ID_IPV6_ADDR (IPv6 address in colon-separated notation)
ID_DER_ASN1_DN (Abstract Syntax Notation One – Distinguished Name)
ID_DER_ASN1_GN (Abstract Syntax Notation One – General Name)
ID_KEY_ID (Opaque byte stream)
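As an added example (not from the Cisco reference), the following Python parser reads a blacklist/whitelist file in the format described above: it normalises DOS line endings, skips comments, requires each entry to be an ID-type keyword followed by a space and a quoted value, checks the value's syntax against its ID type, and then applies the list as a whitelist or blacklist. The keyword-to-IKE-ID-type mapping for the five keywords in the sample file, the per-type syntax checks, and exact-match semantics are assumptions; the sample content is constructed from the page's example.

```python
import ipaddress
import re

# Keywords from the sample file mapped to IKE ID types (assumed mapping).
ID_TYPES = {
    "ipv4": "ID_IPV4_ADDR",
    "ipv6": "ID_IPV6_ADDR",
    "fqdn": "ID_FQDN",
    "email": "ID_RFC822_ADDR",
    "dn": "ID_DER_ASN1_DN",
}

# One entry: keyword, a space, then the value in double quotes.
_ENTRY = re.compile(r'^(\S+)\s+"([^"]*)"$')
_HOST = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")

def _validate(kind, value):
    """Syntax check per ID type (assumed; the page only names the types)."""
    if kind == "ipv4":
        ipaddress.IPv4Address(value)           # raises ValueError if malformed
    elif kind == "ipv6":
        ipaddress.IPv6Address(value)
    elif kind == "email":
        if value.count("@") != 1 or not _HOST.fullmatch(value.split("@")[1]):
            raise ValueError(f"bad email: {value!r}")
    elif kind == "fqdn":
        if not _HOST.fullmatch(value):
            raise ValueError(f"bad FQDN: {value!r}")
    elif kind == "dn":
        if not all("=" in rdn for rdn in value.split(",")):
            raise ValueError(f"bad DN: {value!r}")

def parse_id_list(text):
    """Return [(keyword, value), ...]; DOS files are converted to Unix first."""
    entries = []
    for lineno, raw in enumerate(text.replace("\r\n", "\n").split("\n"), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = _ENTRY.match(line)
        if not m or m.group(1) not in ID_TYPES:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        _validate(m.group(1), m.group(2))
        entries.append((m.group(1), m.group(2)))
    return entries

def peer_allowed(entries, kind, value, mode):
    """Exact (type, value) match: a whitelist admits matches, a blacklist rejects them."""
    listed = (kind, value) in entries
    return listed if mode == "whitelist" else not listed

# Constructed sample in DOS format, based on the page's example file.
SAMPLE = ('# IP address IDs\r\nipv4 "33.33.33.1"\r\nipv6 "11::1"\r\n'
          'fqdn "LS1-0.cisco.com"\r\nemail "user@sample.com"\r\n'
          'dn "C=US,ST=CA,L=SanJose,O=Cisco,OU=SMBU,CN=ixia.organization.bu.org"\r\n')
```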