Security policy database (spd), Spdaddtransport – AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

120

NI Series WebConsole & Programming Guide

Security Policy Database (SPD)

spdAddTransport

spdAddTransport

NAME

spdAddTransport – add a transport mode policy

SYNOPSIS

spdAddTransport=pConfStr

DESCRIPTION This rule adds a transport mode policy.

Rule Value:

pConfStr

A stringValue specifier formatted as follows:

protocolSelector[/destinationPort/sourcePort],

destinationAddressSelector,sourceAddressSelector,directionality,

useSelectors,keyManager,saProposalName

where:
- protocolSelector is a decValue IANA protocol number or ANY (6 for TCP or 17 for UDP).
- destinationPort is a decValue port number or ANY.
- sourcePort is a decValue port number or ANY.
- destinationAddressSelector is an address in the format:

ipAddress1[-ipAddress2 |/ipMaskPrefix].

- sourceAddressSelector is an address in the format:

ipAddress1[-ipAddress2 |/ipMaskPrefix].

- directionality is IN (for inbound) or OUT (for outbound). If IN, this policy applies to traffic
coming into the current host. If OUT, it applies to traffic going out of the current host. A mir-
rored policy is automatically created for the opposite traffic flow.
- useSelectors is PACKET (use packet selectors) or POLICY (use policy selectors).
- keyManager is MANUAL (manual negotiation) or IKE (key negotiation).
- saProposalName is an SA proposal name.

EXAMPLES

IPv4:

spdAddTransport=ANY,30.0.0.1,30.0.30.1,OUT,PACKET,IKE,

qm_sa_default

IPv6:

spdAddTransport=ANY,3ffe:1::2,3ffe:2::2,OUT,PACKET,IKE,

qm_sa_default

Config String
Format

protocolSelector[/destinationPort/sorucePort],

destinationAddressSelector,sourceAddressSelector,directionality,

useSelector,keyManager,saProposalName