A IPSEC POLICY: | Add policy (Administrator) |
A IPSEC POLICY:xxx [par:val] |
It adds a new entry to the policy table in the "ID:xxx" position. The command can also set any parameters given on the command line to the specified values.
The policy table can store up to 128 entries, therefore the policy identifier value must be in the interval [0 - 127].
IPsec policy configurations don't require consecutive indexes. A new definition can be added in any position of the table that is currently free. If the specified index corresponds to an IPsec policy already present in the table, the message "IPSEC SECURITY POLICY ALREADY EXISTS" will be shown.
If the policy table is full when a new policy is added, an error message is generated: "IPSEC SECURITY POLICIES TABLE IS FULL, COMMAND NOT EXECUTED".
Changes made on the policy table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:A IPSEC POLICY:10
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:A IPSEC POLICY:7 DIR:IN
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:A IPSEC POLICY:2 RULE:IPSEC
COMMAND EXECUTED
C IPSEC POLICY: | Clear policy (Administrator) |
C IPSEC POLICY:xxx |
It deletes the specified entry from the policy table. The policy identifier must be in the interval [0 - 127].
If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY POLICY NOT PRESENT".
If the policy table is empty, the following message will be shown "IPSEC SECURITY POLICIES TABLE IS EMPTY".
Changes made on the policy table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:C IPSEC POLICY:10
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:C IPSEC POLICY:10
IPSEC SECURITY POLICY NOT PRESENT
D IPSEC POLICY: | Display policy (User) |
D IPSEC POLICY |
D IPSEC POLICY:xxx |
It shows the policy table.
If the identifier is omitted, the command will show all policies currently set.
Here is an example of the command execution:
[21:28:23] ABILIS_CPX:D IPSEC POLICY

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
POLICY: NAME:                NET-SRC:            PORT-SRC:
        DIR: BUNDLE: RULE:   NET-DST:            PORT-DST:
-------------------------------------------------------------------------------
0       CPX_1-to-CPX_2       192.168.001.000/24  *
        OUT  0       IPSEC   192.168.003.000/24  *
-------------------------------------------------------------------------------
1       CPX_2-to-CPX_1       192.168.003.000/24  *
        IN   1       IPSEC   192.168.001.000/24  *
-------------------------------------------------------------------------------
2       Drop policy          000.000.000.000/0   *
        OUT  NONE    DROP    000.000.000.000/0   *
-------------------------------------------------------------------------------
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the policy table is empty, the following message will be shown "*** NO IPSEC SECURITY POLICIES DEFINED ***".
By specifying the policy identifier, the command will show only the requested policy.
[00:15:04] ABILIS_CPX:D IPSEC POLICY:0

Parameter: |Value:
------------------------------------------------------------------------------
POLICY:     0
NAME:       CPX_1-to-CPX_2
DIR:        OUT
BUNDLE:     0
RULE:       IPSEC
NET-SRC:    192.168.002.001/32
NET-DST:    192.168.002.002/32
PORT-SRC:   *
PORT-DST:   *
------------------------------------------------------------------------------
The identifier must be in the interval [0 - 127]. If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY POLICY NOT PRESENT".
For a more detailed description of the information shown, refer to the Policy table of the IPsec port section.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
S IPSEC POLICY: | Set policy (Administrator) |
S IPSEC POLICY:xxx par:val [par:val] |
It sets parameters of the specified policy to their new values.
The specified policy identifier value must be in the interval [0 - 127]. If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY POLICY NOT PRESENT".
If the policy table is empty, the following message will be shown "IPSEC SECURITY POLICIES TABLE IS EMPTY".
The parameter list given in the command is evaluated left to right: the parameters are set one after the other, starting from the leftmost. Command evaluation terminates if one of the following events occurs:
All the parameters evaluated before the error occurred keep their new values; the remaining ones are not changed.
Changes made on the policy table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:S IPSEC POLICY:7 DIR:OUT RULE:DROP
COMMAND EXECUTED
A IPSEC SA: | Add Security Association (Administrator) |
A IPSEC SA:xxx [par:val] |
It adds a new entry to the Security Associations table in the "ID:xxx" position. The command can also set any parameters given on the command line to the specified values.
The Security Associations table can store up to 128 entries, therefore the Security Association identifier value must be in the interval [0 - 127].
IPsec Security Association configurations don't require consecutive indexes. A new definition can be added in any position of the table that is currently free. If the specified index corresponds to an IPsec Security Association already present in the table, the message "IPSEC SECURITY ASSOCIATION ALREADY EXISTS" will be shown.
If the Security Associations table is full when a new Security Association is added, an error message is generated: "IPSEC SECURITY ASSOCIATIONS TABLE IS FULL, COMMAND NOT EXECUTED".
Changes made on the Security Associations table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:A IPSEC SA:0
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:A IPSEC SA:7 DIR:IN
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:A IPSEC SA:2 PROT:ESP
COMMAND EXECUTED
C IPSEC SA: | Clear Security Association (Administrator) |
C IPSEC SA:xxx |
It deletes the specified entry from the Security Associations table. The Security Association identifier must be in the interval [0 - 127].
If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY ASSOCIATION NOT PRESENT".
If the Security Associations table is empty, the following message will be shown "IPSEC SECURITY ASSOCIATIONS TABLE IS EMPTY".
Changes made on the Security Associations table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:C IPSEC SA:10
COMMAND EXECUTED
[10:32:14] ABILIS_CPX:C IPSEC SA:10
IPSEC SECURITY ASSOCIATION NOT PRESENT
D IPSEC SA: | Display Security Association (User) |
D IPSEC SA |
D IPSEC SA:xxx |
It shows the Security Associations table.
If the identifier is omitted, the command will show all Security Associations currently set.
Here is an example of the command execution:
[21:28:23] ABILIS_CPX:D IPSEC SA

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
SA:  NAME:                 SPI:      SRC-IP:          PROT: AUTH: CIPHER:
     DIR: BUNDLE: TUNNEL: IPP: SIDE: DST-IP:          AUTHKEY: ENCKEY:
-------------------------------------------------------------------------------
0    CPX_1-to-CPX_2_ESP    00000200  192.168.002.001  ESP   MD5   3DES
     OUT  0       YES     1    AUTO  192.168.002.002  *******  *******
-------------------------------------------------------------------------------
1    CPX_1-to-CPX_2_AH     00000201  192.168.002.001  AH    SHA
     OUT  0       NO      1    AUTO  192.168.002.002  *******
-------------------------------------------------------------------------------
2    CPX_2-to-CPX_1_AH     00000401  192.168.002.002  AH    SHA
     IN   1       NO      1    AUTO  192.168.002.001  *******
-------------------------------------------------------------------------------
3    CPX_2-to-CPX_1_ESP    00000400  192.168.002.002  ESP   MD5   3DES
     IN   1       YES     1    AUTO  192.168.002.001  *******  *******
-------------------------------------------------------------------------------
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Security Associations table is empty, the following message will be shown "*** NO IPSEC SECURITY ASSOCIATIONS DEFINED ***".
By specifying the Security Association identifier, the command will show only the requested Security Association.
[00:15:04] ABILIS_CPX:D IPSEC SA:0

Parameter: |Value:
------------------------------------------------------------------------------
SA:         0
NAME:       CPX_1-to-CPX_2_ESP
SPI:        00010ABC
DIR:        OUT
BUNDLE:     0
SRC-IP:     192.168.002.001
DST-IP:     192.168.002.002
PROT:       ESP
AUTH:       NONE
CIPHER:     IDEA
ENCKEY:     ********
TUNNEL:     NO
IPP:        1
SIDE:       AUTO
------------------------------------------------------------------------------
The identifier must be in the interval [0 - 127]. If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY ASSOCIATION NOT PRESENT".
For a more detailed description of the information shown, refer to the Security Associations table of the IPsec port section.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
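An added example, not part of the Abilis documentation: a Python check that reads the single-entry "D IPSEC SA:xxx" display and the status header of the table display, then reports weak transform choices and the commands still owed. The sample text is copied from the display examples above; the one-pair-per-line layout and all function names are assumptions.

```python
import re

SMALL_BLOCK = {"3DES", "IDEA"}   # 64-bit block ciphers seen in the examples
LEGACY_AUTH = {"MD5"}            # legacy integrity algorithm seen in the examples

# Sample text copied from the page's display examples; line layout is assumed.
HEADER = "[21:28:23] ABILIS_CPX:D IPSEC SA - Not Saved (SAVE CONF), Not Refreshed (INIT)"
ENTRY = """\
[00:15:04] ABILIS_CPX:D IPSEC SA:0
Parameter: |Value:
SA:      0
NAME:    CPX_1-to-CPX_2_ESP
SPI:     00010ABC
DIR:     OUT
PROT:    ESP
AUTH:    NONE
CIPHER:  IDEA
ENCKEY:  ********
TUNNEL:  NO
"""

def parse_entry(text):
    """Return {PARAM: value} for every 'PARAM: value' pair (single-word values)."""
    return dict(re.findall(r"\b([A-Z][A-Z-]*):[ \t]+(\S+)", text))

def audit_sa(sa):
    """List weak transform choices in one parsed Security Association."""
    findings = []
    if sa.get("PROT") == "ESP" and sa.get("AUTH") == "NONE":
        findings.append("ESP without authentication: no integrity protection")
    if sa.get("AUTH") in LEGACY_AUTH:
        findings.append(f"AUTH {sa['AUTH']}: legacy hash")
    if sa.get("CIPHER") in SMALL_BLOCK:
        findings.append(f"CIPHER {sa['CIPHER']}: 64-bit block cipher")
    return findings

def pending_commands(header):
    """Commands still owed before the displayed table is active and persistent."""
    owed = []
    if "Not Refreshed (INIT)" in header:
        owed.append("INIT PO:xxx")   # xxx = IPSEC port number
    if "Not Saved (SAVE CONF)" in header:
        owed.append("SAVE CONF")
    return owed

if __name__ == "__main__":
    for finding in audit_sa(parse_entry(ENTRY)):
        print("WEAK:", finding)
    print("PENDING:", ", ".join(pending_commands(HEADER)) or "none")
```

A "Not Refreshed (INIT)" flag means the table on screen is not yet the one the IPsec port is enforcing, so audit results describe the pending configuration until INIT PO:xxx is run.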
S IPSEC SA: | Set Security Association (Administrator) |
S IPSEC SA:xxx par:val [par:val] |
It sets parameters of the specified Security Association to their new values.
The specified Security Association identifier value must be in the interval [0 - 127]. If the requested entry is not present in the table, the following error message will be displayed: "IPSEC SECURITY ASSOCIATION NOT PRESENT".
If the Security Associations table is empty, the following message will be shown "IPSEC SECURITY ASSOCIATIONS TABLE IS EMPTY".
The parameter list given in the command is evaluated left to right: the parameters are set one after the other, starting from the leftmost. Command evaluation terminates if one of the following events occurs:
All the parameters evaluated before the error occurred keep their new values; the remaining ones are not changed.
Changes made on the Security Associations table are not immediately active. They can be activated by executing the initialization command INIT PO:xxx, where "xxx" is the IPSEC port number.
The "Not Refreshed (INIT)" message is displayed every time the table is modified while the Abilis CPX is working.
The "Not Saved (SAVE CONF)" message is displayed every time the table is modified but not saved with the SAVE CONF command.
If the Abilis CPX version currently in use does not support the IPsec service, the following message will be shown: "IPSEC SERVICE NOT PRESENT".
[10:32:14] ABILIS_CPX:S IPSEC SA:10 DIR:OUT PROT:AH
COMMAND EXECUTED