Use this object to configure IPsec Security Policy Database (SPD) for the
action parameter is set to "protect", the SPD establishes the phase 2 criteria for the negotiation between
Command Syntax
% set addressContext <addressContext name> ipsec spd <spd_name>
    action <bypass | discard | protect>
    localIpAddr <ipAddress>
    localIpPrefixLen <0-128>
    localPort <0-65535>
    media <disable | enable>
    mode <transport | tunnel>
    precedence <0-65535>
    protocol <0-255>
    remoteIpAddr <ipAddress>
    remoteIpPrefixLen <0-128>
    remotePort <0-65535>
    state <disabled | enabled>
Command Parameters
Restrictions on IPsec SPD configuration when used for IPsec media
Ensure that the following conditions are met:
- The local selector (localIpAddr and localIpPrefixLen) must encompass all possible local Media IPs, including the LIF Primary IP and all optional Alternate Media IPs. Also, it must not encompass any non-media IPs used by the SBC, such as the SIP Signaling IP address.
  Note: The SIP Signaling Address must be different than the LIF Primary IP address (ipAddress).
- The remote selector (remoteIpAddr and remoteIpPrefixLen) must encompass all possible Media IPs used by the remote SBC. Also, it must not encompass any non-media IPs used by the remote peer.
- The mode is set to tunnel.
- The media flag is enabled.
One Security Policy Database (SPD) entry is created for each IPsec tunnel. It is possible to create multiple IPsec tunnels that use the same IP Interface Group. That is, one for signaling traffic and one for media traffic.
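The restrictions above can be checked mechanically before a media SPD is committed. The following Python sketch is an added example, not part of the product documentation or the SBC software: it parses a set ... ipsec spd command line and tests both selectors, the mode and the media flag against an address inventory. The addresses, the SPD name SPD_MEDIA and the function names are constructed for illustration, and a parameter missing from the command is reported as not set because the page does not state defaults.

```python
import ipaddress

def parse_spd(cmd):
    """Parse '% set addressContext <ac> ipsec spd <name> <key> <value> ...'."""
    tok = cmd.lstrip("% ").split()
    if len(tok) < 6 or tok[:2] != ["set", "addressContext"] or tok[3:5] != ["ipsec", "spd"]:
        raise ValueError("not an 'ipsec spd' set command")
    spd = dict(zip(tok[6::2], tok[7::2]))      # keyword/value pairs
    spd["name"] = tok[5]
    return spd

def selector(spd, side):
    """Build the local or remote selector network from address + prefix length."""
    return ipaddress.ip_network(
        f"{spd[side + 'IpAddr']}/{spd[side + 'IpPrefixLen']}", strict=False)

def check_media_spd(cmd, media, non_media):
    """Return violations of the IPsec-media restrictions (empty list = OK).

    media / non_media: {"local": [...], "remote": [...]} lists of IP strings.
    """
    spd, problems = parse_spd(cmd), []
    for side in ("local", "remote"):
        net = selector(spd, side)
        for ip in media[side]:
            if ipaddress.ip_address(ip) not in net:
                problems.append(f"{side} selector {net} misses media IP {ip}")
        for ip in non_media[side]:
            if ipaddress.ip_address(ip) in net:
                problems.append(f"{side} selector {net} covers non-media IP {ip}")
    if spd.get("mode") != "tunnel":
        problems.append("mode is not set to tunnel")
    if spd.get("media") != "enable":
        problems.append("media flag is not enabled")
    return problems

# Constructed inventory: LIF primary .2, alternate media .3, SIP signaling .10
MEDIA = {"local": ["10.16.230.2", "10.16.230.3"], "remote": ["10.16.220.2"]}
NON_MEDIA = {"local": ["10.16.230.10"], "remote": []}

BASE = "% set addressContext AC1 ipsec spd SPD_MEDIA action protect "
TOO_WIDE = BASE + ("localIpAddr 10.16.230.0 localIpPrefixLen 24 "
                   "remoteIpAddr 10.16.220.2 remoteIpPrefixLen 32 mode transport media enable")
CORRECT = BASE + ("localIpAddr 10.16.230.2 localIpPrefixLen 31 "
                  "remoteIpAddr 10.16.220.2 remoteIpPrefixLen 32 mode tunnel media enable")

if __name__ == "__main__":
    for label, cmd in (("too wide", TOO_WIDE), ("correct", CORRECT)):
        print(label, "->", check_media_spd(cmd, MEDIA, NON_MEDIA) or "OK")
```

The /24 local selector is rejected because it also matches the signaling address, while the /31 covers exactly the primary and alternate media IPs.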
Command Examples
% set addressContext default ipsec spd SPD3 localIpAddr 10.16.230.2 localIpPrefixLen 32 remoteIpAddr 10.16.220.2 remoteIpPrefixLen 32 action protect protocol 17 state enabled precedence 102

% show addressContext default ipsec spd SPD3 {
    state enabled;
    precedence 102;
    localIpAddr 10.16.230.2;
    localIpPrefixLen 32;
    remoteIpAddr 10.16.220.2;
    remoteIpPrefixLen 32;
    protocol 17;
    action protect;
}

set addressContext AC1 ipsec spd SPD3 media enable