Configuring IPsec Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-13
Assigning an Action to a Policy
To define what action will be performed on the traffic specified in the security policy, you can use the
following parameters:
• discard - Discards the IPv6 packets.
• ipsec - Allows IPsec processing of the traffic to which this policy is applied.
  If the action is ipsec, then a rule must be defined before the policy can be enabled. Additionally, SAs and
  SA keys must also be configured to support the rule.
• none - No action is performed.
The above commands could be modified to discard the traffic instead of processing it with IPsec:
-> ipsec policy tcp_in discard
-> ipsec policy tcp_out discard
Configuring the Protocol for a Policy
You can define the type of protocol to which the security policy can be applied by using the protocol
parameter. For example:
-> ipsec policy udp_in source ::/0 destination 3ffe:200:200:4001::99 protocol udp in ipsec description "IPsec on all inbound UDP" admin-state enable
The following table lists the protocols that can be specified. Refer to the ipsec policy command for
additional details.
protocol
any     icmp6[type type]    tcp                udp
ospf    vrrp                number protocol
Verifying a Policy
To verify the configured IPsec policy, use the show ipsec policy command. For example:
-> show ipsec policy
Name Priority Source-> Destination Protocol Direction Action State
-----------+--------+-----------------------------+--------+-------+-------+------
tcp_in 500 3ffe:1:1:1::99->3ffe:1:1:1::1 TCP in ipsec esp active
tcp_out 500 3ffe:1:1:1::1->3ffe:1:1:1::99 TCP out ipsec esp active
ftp-in-drop 100 ::/0->::/0 TCP in discard disabled
telnet-in-1 100 2000::/48->::/0 TCP in ipsec disabled
The output above shows examples of various configured policies.
You can also verify the configuration of a specific security policy by using the show ipsec policy
command followed by the name of the security policy. For example:
Note. The presence of a ‘+’ sign in the ‘Source->Destination’ or ‘Action’ column indicates that the value has been
truncated to fit. View a specific security policy to see additional details.