Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 2

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Noprint
Panel
borderColorgreen
bgColortransparent
borderWidth2

Back to Table of Contents

Back to CLI Configure Mode

Back to Address Context - CLI

Back to IPSec Security - CLI

...

Caption
0Table
1IPSec SPD Parameters
 

Parameter

Length/Range

Description

addressContext

1-23

Specifies the name of the address context. The address context is a container of objects that correspond to a specific IP Addressing domain. Must be 1-23 characters.

spd

1-23

Specifies the name of an IPSec Security Policy Database (SPD) entry. The IPSec SPD is an ordered list of entries ("rules") that specify sets of packets and determine whether or not to permit, deny, or protect packets between the 

Spacevars
0product
and the peer that is referenced from the entry. If the packets are to be protected, this entry references information that specifies how to protect them.

You can configure up to 4,096 SPD entries.

action

N/A

Action applied when packets processed by IPSec found matching the selectors of this SPD rule.

  • Discard – Specifies that the packets are dropped.
  • Bypass – Specifies that the packets are bypassed as clear text.
  • Protect – Specifies that the packets are protected by IPSec based on the protection parameters specified in the configured IPSec protection profile.

localIpAddr

N/A

Specifies the local IPv4 or IPv6 address of the SPD traffic selector.

localIpPrefixLen

0-128

Specifies the local IP prefix length of the SPD traffic selector. Default value is 0.

Note

If IPSec Peer protocol is set to “IKEv2” or “ANY”, localIpPrefixLen must be set to "32" for IPv4 and "128" for IPv6 because the SBC does not support range-based parameters for IKEv2 selectors.

localPort

0-65535

Specifies the local port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

precedence

0-65535

Evaluation order of this entry. Zero indicates wildcard.

protocol

0-255

Specifies the IP protocol number of the SPD traffic selector. This parameter uses IANA protocol number assignment, that is, protocol number 6 represents TCP, protocol number 17 represents UDP. Zero indicates wildcard. Default value is 0.

remoteIpAddr

N/A

Specifies the remote IPv4 or IPv6 address of the SPD traffic selector. Zero indicates wildcard.

remoteIpPrefixLen

0-128

Specifies the remote IP prefix length of the peer's SPD traffic selector. Zero indicates wildcard. Default value is 0.

Note

If IPSec Peer protocol is set to “IKEv2” or “ANY”, remoteIpPrefixLen must be set to "32" for IPv4 and "128" for IPv6 because the SBC does not support range-based parameters for IKEv2 selectors.

remotePort

0-65535

Specifies the remote port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

state

N/A

Administrative state of this SPD entry.

  • disabled (default)
  • enabled

displaylevel

1-64

To display different levels of output information in show commands.

Command Examples

Code Block
languagenone
% set addressContext default ipsec spd SPD3 localIpAddr 10.16.230.2 localIpPrefixLen 32 remoteIpAddr 10.16.220.2 remoteIpPrefixLen 32 action protect protocol 17 state enabled precedence 102

% show addressContext default ipsec 
spd SPD3 {
 state enabled;
 precedence 102;
 localIpAddr 10.16.230.2;
 localIpPrefixLen 32;
 remoteIpAddr 10.16.220.2;
 remoteIpPrefixLen 32;
 protocol 17;
 action protect;
}