
Use the SPD (Security Policy Database) window to configure IPsec SPD entries for the SBC. The SPD entries establish the phase 2 criteria for negotiation between the SBC and an IKE peer. The successful completion of this negotiation results in a Security Association (SA).

To View SPD Entries

On the SBC main screen, navigate to All > Address Context > IPsec > SPD.

The SPD can be checked for each Address Context or for all the Address Contexts created. Use the drop-down box to select the desired Address Context. The SPD window opens.

Figure: All - Address Context - IPsec - SPD Window

To Create an SPD Entry

To create a new SPD entry:

  1. Use the drop-down box to select the desired Address Context for the SPD.
  2. Click New SPD. The Create New SPD window opens.

Figure: All - Address Context - IPsec - SPD - Create New SPD Window

The following fields are displayed:

Table: SPD Parameters

Parameter: Name
Length/Range: 1-23
Description: Specifies the name of an IPsec Security Policy Database (SPD) entry. The IPsec SPD is an ordered list of entries ("rules") that specify sets of packets and determine whether or not to permit, deny, or protect packets between the SBC and the peer that is referenced from the entry. If the packets are to be protected, this entry references information that specifies how to protect them. You may create and configure up to 4,096 SPD entries.

Parameter: State
Length/Range: N/A
Description: Administrative state to disable or enable an SPD entry.

Parameter: Precedence
Length/Range: 0-65535
Description: A unique precedence (evaluation order) for this SPD.

Parameter: Local IP Addr
Length/Range: N/A
Description: Specifies the local IPv4 or IPv6 address of the SPD traffic selector. Zero indicates wildcard.

Parameter: Local IP Prefix Len
Length/Range: 0-128
Description: Specifies the local IP prefix length of the SPD traffic selector. Default value is 0.

Parameter: Local Port
Length/Range: 0-65535
Description: Specifies the local port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

Parameter: Remote IP Addr
Length/Range: N/A
Description: Specifies the remote IPv4 or IPv6 address of the SPD traffic selector. Zero indicates wildcard.

Parameter: Remote IP Prefix Len
Length/Range: 0-128
Description: Specifies the remote IP prefix length of the SPD traffic selector. Default value is 0.

Parameter: Remote Port
Length/Range: 0-65535
Description: Specifies the remote port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

Parameter: Protocol
Length/Range: 0-255
Description: Specifies the IP protocol number of the SPD traffic selector. This parameter uses IANA protocol number assignment, that is, protocol number 6 represents TCP, protocol number 17 represents UDP. Zero indicates wildcard. Default value is 0.

Parameter: Action
Length/Range: N/A
Description: Action applied when packets processed by IPsec match the selectors of this SPD rule.

  • Discard – Specifies that the packets are dropped.
  • Bypass – Specifies that the packets are bypassed as clear text.
  • Protect – Specifies that the packets are protected by IPsec based on the protection parameters specified in the configured IPsec protection profile.

Parameter: Mode
Length/Range: N/A
Description: Use this parameter to set the IPsec mode for the SPD.

  • Tunnel (default) – Use this mode to encrypt and authenticate the entire IP packet (both header and payload). This encrypted packet is encapsulated in a new packet containing a new IP header.
  • Transport – Use this mode to encrypt and authenticate the IP payload only.

Notes:

  • This parameter is only applicable when Action is set to Protect.
  • Transport mode is the recommended mode for LI configuration.
  • Tunnel mode is recommended for SIP peering. Although transport mode is also supported for SIP peering, the use of transport mode requires the SBC's SIP signaling port IP address to be the same as the SBC's IP interface IP address.
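The selector and precedence fields in the parameter table can be checked offline before entries are created. The sketch below is an added example, not the SBC's own implementation: it validates entries against the Length/Range column and finds the first entry that matches a packet. It assumes the lowest precedence value is evaluated first, that unmatched traffic returns no entry, and that address and prefix length are written together as `addr/len`; the entry names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SpdEntry:                  # fields mirror the SPD parameter table
    name: str
    precedence: int
    action: str                  # "discard", "bypass" or "protect"
    local: str = "0.0.0.0/0"     # address/prefix length; zero address = wildcard
    remote: str = "0.0.0.0/0"
    local_port: int = 0          # 0 = wildcard
    remote_port: int = 0
    protocol: int = 0            # IANA protocol number; 0 = wildcard

def validate(entries):
    """Enforce the Length/Range column and the unique-precedence rule."""
    seen = set()
    for e in entries:
        ports_ok = all(0 <= p <= 65535 for p in (e.local_port, e.remote_port))
        if not (1 <= len(e.name) <= 23 and 0 <= e.precedence <= 65535
                and 0 <= e.protocol <= 255 and ports_ok
                and e.action in ("discard", "bypass", "protect")):
            raise ValueError(f"{e.name!r}: field out of range")
        if e.precedence in seen:
            raise ValueError(f"{e.name!r}: duplicate precedence {e.precedence}")
        seen.add(e.precedence)

def _addr_match(selector, addr):
    iface, ip = ipaddress.ip_interface(selector), ipaddress.ip_address(addr)
    if int(iface.ip) == 0:       # zero address matches either address family
        return True
    return ip.version == iface.version and ip in iface.network

def lookup(entries, local, lport, remote, rport, proto):
    """Return the first entry whose selectors all match, else None."""
    # Assumption: the lowest precedence value is evaluated first.
    for e in sorted(entries, key=lambda e: e.precedence):
        if (_addr_match(e.local, local) and _addr_match(e.remote, remote)
                and e.local_port in (0, lport) and e.remote_port in (0, rport)
                and e.protocol in (0, proto)):
            return e
    return None

# Constructed sample policy (documentation address ranges, hypothetical names).
SAMPLE_SPD = [
    SpdEntry("MGMT_BYPASS", 100, "bypass", remote="203.0.113.0/24"),
    SpdEntry("SIP_PEER_PROTECT", 200, "protect", local="192.0.2.10/32",
             remote="203.0.113.0/24", local_port=5060, protocol=17),
    SpdEntry("DEFAULT_DISCARD", 65535, "discard"),
]
```

Under these assumptions, a UDP 5060 flow from 192.0.2.10 to 203.0.113.7 matches MGMT_BYPASS before SIP_PEER_PROTECT and would leave as clear text; giving the Protect entry the earlier precedence corrects the ordering.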

To Edit an SPD Entry

To edit an SPD entry:

  1. Click the radio button next to the specific SPD name. The Edit Selected SPD window opens.
  2. Make the required changes and click Save at the right hand bottom of the panel to save the changes made.

To Copy an SPD Entry

To copy an SPD entry:

  1. Click the radio button next to the specific SPD you want to copy.
  2. Click Copy SPD. The Copy Selected SPD window opens.
  3. Make any required changes to the fields and click Save to save the changes.


To Delete an SPD Entry

To delete an SPD entry:

  1. Click the radio button next to the SPD which you want to delete.
  2. Click the Delete icon (X) at the end of the row.
  3. Confirm the deletion when prompted. Click Yes to remove the specific SPD from the list.