Alcatel-Lucent 6850-48 Network Guide

Configuring IPsec
Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 27-15
-> show ipsec policy tcp_in
Name        = tcp_in
Priority    = 500
Source      = 3ffe:1:1:1::99
Destination = 3ffe:1:1:1::1
Protocol    = TCP
Direction   = in
Action      = ipsec
State       = active
Rules:
  1 : esp
Description:
IPsec on all inbound TCP
Configuring an IPsec Rule
To configure an IPsec rule for a configured IPsec security policy, use the command along with the policy name, the index value for the IPsec policy rule, and the IPsec protocol type (AH or ESP).
For example:
-> ipsec policy tcp_in rule 1 esp
The above command applies the configured IPsec security policy with rule 1 to ESP. The index value specified determines the order in which a rule is applied to the payload. The policy name configured for the IPsec policy rule should be the same as the policy name configured for the IPsec security policy. It is possible to first encrypt the original content of an IPv6 packet using ESP and then authenticate the packet using AH by configuring an ESP rule with an index of one and then configuring the AH rule with an index of two. For example:
-> ipsec policy tcp_in rule 1 esp
-> ipsec policy tcp_in rule 2 ah
Use the no form of this command to remove the configured IPsec rule for an IPsec security policy. For 
example:
-> no ipsec policy tcp_in rule 2
Verifying IPsec rule for IPsec Policy
To verify the IPsec policy, use the command. For example:
-> show ipsec policy tcp_in
Name        = tcp_in
Priority    = 500
Source      = 3ffe:1:1:1::99
Destination = 3ffe:1:1:1::1
Protocol    = TCP
Direction   = in
Action      = ipsec
State       = active
Rules:
  1 : esp,
  2 : ah
Description:
IPsec on all inbound TCP
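The verification step above can be automated when auditing several policies. The following is an added example, not part of the original guide: it parses text captured from the show ipsec policy output and checks that the rule indexes give the intended order (ESP at index 1, then AH at index 2). The names parse_policy and audit, the expected parameter, and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample, in the layout of the `show ipsec policy` output on this page.
SAMPLE = """\
Name        = tcp_in
Priority    = 500
Source      = 3ffe:1:1:1::99
Destination = 3ffe:1:1:1::1
Protocol    = TCP
Direction   = in
Action      = ipsec
State       = active
Rules:
  1 : esp,
  2 : ah
Description:
IPsec on all inbound TCP
"""

FIELD = re.compile(r"^(\w+)\s*=\s*(.*)$")
RULE = re.compile(r"^\s*(\d+)\s*:\s*(esp|ah)\s*,?\s*$", re.I)

def parse_policy(text):
    """Parse one policy block into a dict; rules become {index: protocol}."""
    policy, section = {"rules": {}, "description": ""}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in ("Rules:", "Description:"):
            section = stripped[:-1].lower()
        elif section == "rules" and (m := RULE.match(line)):
            policy["rules"][int(m.group(1))] = m.group(2).lower()
        elif section == "description":
            policy["description"] = (policy["description"] + " " + stripped).strip()
        elif m := FIELD.match(stripped):
            policy[m.group(1).lower()] = m.group(2).strip()
    return policy

def audit(policy, expected=("esp", "ah")):
    """Return findings; `expected` is the order the operator intended (assumption)."""
    findings = []
    order = tuple(p for _, p in sorted(policy["rules"].items()))
    if policy.get("action") == "ipsec" and not order:
        findings.append("action is ipsec but no rule is configured")
    if order and order != tuple(expected):
        findings.append(f"rule order {order} differs from intended {tuple(expected)}")
    if policy.get("state") != "active":
        findings.append(f"policy state is {policy.get('state')!r}, not active")
    return findings
```

For a policy that is meant to carry only the ESP rule, call audit(policy, expected=("esp",)).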