Alcatel-Lucent 6850-48 Network Guide
Configuring IPsec on the OmniSwitch
Configuring IPsec
page 27-14
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Assigning an Action to a Policy
To define what action will be performed on the traffic specified in the security policy, you can use the
following parameters:
• discard - Discards the IPv6 packets.
• ipsec - Allows IPsec processing of the traffic to which this policy is applied.
If the action is ipsec, then a rule must be defined before the policy can be enabled. Additionally, SAs and
SA keys must also be configured to support the rule.
• none - No action is performed.
The above commands could be modified to discard the traffic instead of processing using IPsec.
-> ipsec policy tcp_in discard
-> ipsec policy tcp_out discard
Configuring the Protocol for a Policy
You can define the type of protocol to which the security policy can be applied by using the protocol
parameter. For example:
-> ipsec policy udp_in source ::/0 destination 3ffe:200:200:4001::99 protocol udp in ipsec description "IPsec on all inbound UDP" no shutdown
command for
additional details.
Verifying a Policy
To verify the configured IPsec policy, use the show ipsec policy command. For example:
-> show ipsec policy
Name        Priority Source-> Destination          Protocol Direction Action    State
-----------+--------+-----------------------------+--------+---------+---------+------
tcp_in      500      3ffe:1:1:1::99->3ffe:1:1:1::1 TCP      in        ipsec esp active
tcp_out     500      3ffe:1:1:1::1->3ffe:1:1:1::99 TCP      out       ipsec esp active
ftp-in-drop 100      ::/0->::/0                    TCP      in        discard   disabled
telnet-in-1 100      2000::/48->::/0               TCP      in        ipsec     disabled
The above command provides examples of various configured policies.
Note. The presence of a ‘+’ sign in the ‘Source->Destination’ or ‘Action’ column indicates that the value has been
truncated to fit. View a specific security policy to view additional details.
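
The following script is an added example, not part of the original guide: it parses pasted show ipsec policy output and lists policies that are not active or whose fields were truncated with ‘+’. It assumes whitespace-separated columns as in the sample above; the long-pol row and its truncated address are constructed for illustration.

```python
# Added example: audit pasted "show ipsec policy" output.
# First four rows are the guide's sample; "long-pol" is a constructed row.
SAMPLE = """\
Name        Priority Source-> Destination          Protocol Direction Action    State
-----------+--------+-----------------------------+--------+---------+---------+------
tcp_in      500      3ffe:1:1:1::99->3ffe:1:1:1::1 TCP      in        ipsec esp active
tcp_out     500      3ffe:1:1:1::1->3ffe:1:1:1::99 TCP      out       ipsec esp active
ftp-in-drop 100      ::/0->::/0                    TCP      in        discard   disabled
telnet-in-1 100      2000::/48->::/0               TCP      in        ipsec     disabled
long-pol    200      ::/0->3ffe:200:200:4+         UDP      in        ipsec esp active
"""

def parse_policies(text):
    """Return one dict per policy row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows: second field is the numeric priority, third is src->dst.
        if len(tok) < 7 or not tok[1].isdigit() or "->" not in tok[2]:
            continue
        src, dst = tok[2].split("->", 1)
        rows.append({"name": tok[0], "priority": int(tok[1]), "src": src, "dst": dst,
                     "protocol": tok[3], "direction": tok[4],
                     # Action may span two words ("ipsec esp"); State is the last field.
                     "action": " ".join(tok[5:-1]), "state": tok[-1]})
    return rows

def audit(rows):
    """Return (policy name, finding) pairs worth a follow-up on the switch."""
    findings = []
    for r in rows:
        if r["state"] != "active":
            why = "not enforced"
            if r["action"].startswith("ipsec"):
                why += "; check that a rule, SAs and SA keys exist before enabling"
            findings.append((r["name"], why))
        if "+" in r["src"] + r["dst"] + r["action"]:
            findings.append((r["name"], "truncated field; view this policy by name"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_policies(SAMPLE)):
        print(f"{name}: {finding}")
```
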
You can also verify the configuration of a specific security policy by using the command followed by the name of the security policy. For example:
protocol options: any, icmp6[type type], tcp, udp, ospf, vrrp, number protocol