You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

In this section:

This object is used to configure Spd SPD for the SBC. The SPD establishes the phase 2 criteria for the negotiation between the SBC and the IKE peer. The successful completion of this negotiation results in a Security Association (SA).

To View Spd

On SBC main screen, navigate to All > Address Context > Ipsec > Spd.

The Spd can be checked for each Address Context or for all the Address Contexts created. Use the drop-down box to select the desired Address Context.

All - Address Context - Ipsec - Spd Main Field

The Spd window is displayed.

All - Address Context - Ipsec - Spd

To Edit Spd

To edit any of the Spd in the list, click the radio button next to the specific Spd name.

All - Address Context - Ipsec - Spd Highlighted

The Edit Selected Spd window is displayed below.

All - Address Context - Ipsec - Spd Edit Window

Make the required changes and click Save at the right hand bottom of the panel to save the changes made.

To Create Spd

To create a new Spd, click New Spd tab on the Spd List panel.

All - Address Context - Ipsec - Spd Fields

The Create New Spd window is displayed.

All - Address Context - Ipsec - Spd Create Window

The following fields are displayed:

Spd Parameters

Parameter

Length/Range

Description

Name

1-23

Specifies the name of an IPsec Security Policy Database (SPD) entry. The IPsec SPD is an ordered list of entries ("rules") that specify sets of packets and determine whether or not to permit, deny, or protect packets between the 

Unable to show "metadata-from": No such page "_space_variables"
and the peer that is referenced from the entry. If the packets are to be protected, this entry references information that specifies how to protect them.

You may create and configure up to 4,096 SPD entries.

Action

N/A

Action applied when packets processed by IPSEC found matching the selectors of this SPD rule.

  • Discard – Specifies that the packets are dropped.
  • Bypass – Specifies that the packets are bypassed as clear text.
  • Protect – Specifies that the packets are protected by IPSEC based on the protection parameters specified in the configured ipsec protection profile.

Local Ip Addr

N/A

Specifies the local IPv4 or IPv6 address of the SPD traffic selector.

Local Ip Prefix Len

0-128

Specifies the local IP prefix length of the SPD traffic selector. Default value is 0.

Local Port

0-65535

Specifies the local port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

Precedence

0-65535

Evaluation order of this entry. Zero indicates wildcard.

Protocol

0-255

Specifies the IP protocol number of the SPD traffic selector. This parameter uses IANA protocol number assignment, that is, protocol number 6 represents TCP, protocol number 17 represents UDP. Zero indicates wildcard. Default value is 0.

Remote Ip Addr

N/A

Specifies the remote IPv4 or IPv6 address of the SPD traffic selector. Zero indicates wildcard.

Remote Ip Prefix Len

0-128

Specifies the remote IP prefix length of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

Remote Port

0-65535

Specifies the remote port of the SPD traffic selector. Zero indicates wildcard. Default value is 0.

State

N/A

Administrative state to disable or enable a SPD entry. Zero indicates wildcard.

Protection ProfileN/ASpecifies an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an antireplay policy.
PeerN/ASpecifies the the name of the Internet Key Exchange (IKE) peer database entry.

To Copy Spd

To copy any of the created Spd and to make any minor changes, click the radio button next to the specific Spd to highlight the row.

All - Address Context - Ipsec - Spd Highlighted

 

Click Copy Spd tab on the Spd List panel.

All - Address Context - Ipsec - Spd Fields

 

The Copy Selected Spd window is displayed along with the field details which can be edited.

All - Address Context - Ipsec - Spd Copy Window

Make the required changes to the required fields and click Save to save the changes. The copied Spd is displayed at the bottom of the original Spd in the Spd List panel.

To Delete Spd

To delete any of the created Spd, click the radio button next to the specific Spd which you want to delete.

All - Address Context - Ipsec - Spd Highlighted


 

Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.

All - Address Context - Ipsec - Spd Delete Confirmation

Click Yes to remove the specific Spd from the list.

 

 

 

  • No labels