Panasonic NN46110-600 User Manual


Chapter 2 Configuring servers

• Attribute—1 (AV Pair)

The supported syntax is:

[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination]
[Destination Wildcard Mask] [Operator] [Port]

The following table describes the syntax of the attributes.

Table 3 Syntax of attributes

| Section | Description |
| --- | --- |
| Prefix | ip:inacl#Num= or ip:outacl#Num=, where "Num" is replaced with a number specifying the order in the list. Inacl and outacl are the only two AV pair types supported. |
| Action | Deny or permit |
| Protocol | IP, TCP, UDP, or ICMP |
| Source | An IP address, "any", or "host <host address>" |
| Source wildcard mask | This is not used if the source is "any" or "host". Note the mask is NOT specified as a subnet mask. "0" indicates exact match for an octet. "255" indicates a "don't care" for all of the bits in the octet. |
| Destination | An IP address, "any", or "host <host address>" |
| Destination wildcard mask | This is not used if the source is "any" or "host". Note the mask is NOT specified as a subnet mask. "0" indicates exact match for an octet. "255" indicates a "don't care" for all of the bits in the octet. |
| Operator | LT - Less than, GT - Greater than, EQ - Equal, NEQ - Not equal. Operator is not used unless the protocol is TCP or UDP. |
| Port | Port number. Must be provided if an operator is specified. |

Do not specify an outacl that denies all traffic, such as ip:outacl#1=deny ip any any, because this prevents the IPsec client from connecting to the banner server. You must have at least one outacl entry specified. You can specify a "deny all" filter in the group.
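
A validator for the AV-pair syntax in Table 3 and for the two outacl rules in the note above, added here as an example and not taken from the manual or the product. The function names, the case-insensitive matching, the 0-65535 port range and the sample rules are assumptions.

```python
import ipaddress
import re

PREFIX = re.compile(r"^ip:(inacl|outacl)#(\d+)=(.*)$", re.IGNORECASE)
ANY = ("0.0.0.0", "255.255.255.255")  # "any" written as address + wildcard mask

def _address(tokens):
    """Consume 'any', 'host <addr>' or '<addr> <wildcard mask>' from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return (str(ipaddress.IPv4Address(tokens.pop(0))), "0.0.0.0")
    return (str(ipaddress.IPv4Address(head)), str(ipaddress.IPv4Address(tokens.pop(0))))

def parse_av_pair(text):
    """Parse one AV pair into a dict; raise ValueError if it breaks the syntax."""
    m = PREFIX.match(text.strip())
    if not m:
        raise ValueError("prefix must be ip:inacl#Num= or ip:outacl#Num=")
    tokens = m.group(3).lower().split()  # assumption: keywords are case-insensitive
    try:
        action, protocol = tokens.pop(0), tokens.pop(0)
        src, dst = _address(tokens), _address(tokens)
        operator, port = (tokens.pop(0), int(tokens.pop(0))) if tokens else (None, None)
    except IndexError:
        raise ValueError("rule is truncated") from None
    if action not in ("permit", "deny") or protocol not in ("ip", "tcp", "udp", "icmp"):
        raise ValueError("unknown action or protocol")
    if operator and (protocol not in ("tcp", "udp") or operator not in ("lt", "gt", "eq", "neq")):
        raise ValueError("operator needs TCP or UDP and one of LT, GT, EQ, NEQ")
    if tokens or (port is not None and not 0 <= port <= 65535):
        raise ValueError("trailing tokens or port out of range")
    return {"direction": m.group(1).lower(), "num": int(m.group(2)), "action": action,
            "protocol": protocol, "src": src, "dst": dst, "operator": operator, "port": port}

def lint(av_pairs):
    """Return warnings for the two outacl rules stated in the manual's note."""
    rules = [parse_av_pair(p) for p in av_pairs]
    out = [r for r in rules if r["direction"] == "outacl"]
    warnings = [] if out else ["no outacl entry specified"]
    for r in out:
        if (r["action"], r["protocol"], r["src"], r["dst"]) == ("deny", "ip", ANY, ANY):
            warnings.append(f"outacl#{r['num']} denies all traffic")
    return warnings

# Constructed sample rules, not taken from the manual.
SAMPLE = ["ip:inacl#1=permit tcp 10.1.2.0 0.0.0.255 host 192.0.2.10 eq 443",
          "ip:outacl#1=deny ip any any"]
```

Running `lint(SAMPLE)` before the attributes are loaded into the RADIUS server flags the deny-all outacl that would block the banner server connection.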
