All modules
crypto ipsec policy anti-replay
Enable or disable anti-replay service on the inbound SA. Default is enabled.
syntax:
[no] configure crypto ipsec policy anti-replay
example: SR> configure term SR/configure> crypto ipsec SR/crypto/ipsec> policy ToNetSc1
anti-replay
applies to:
All modules
crypto ipsec policy match address
Configures the IP stream to be applied to IPSec. Delete the policy to remove the addresses.
The 'no' form of this command is not supported.
syntax:
configure crypto ipsec policy <policy-name><peer-address> match address
parameter
match address
example: SR> configure term SR/configure> crypto SR/crypto> ipsec policy ToNetSc1
100.1.1.1 SR/crypto/ipsec/policy ToNetSc1> match address 10.1.1.0 24 20.1.1.0 24
applies to:
Avaya Secure Router 3120 Command Reference Guide
Configures this command to assign addresses to match with the
policy. This specifies the traffic that will be protected by the
IPSec policy.
Matches are:
<source-start-ip> <source-netmask> - the source starting IP
address and subnet mask
<dest-start-ip> <dest-netmask> - the destination starting IP
address and subnet mask
[source-end-ip <ipaddress>] - the source ending IP address
[dest-end-ip <ipaddress>] - the destination ending IP address
[protocol <protocol>] - the protocol
[sport <port-val>] - the source port number
[dport <port-val>] - the destination port number
crypto ipsec policy anti-replay
definition
December 2010
727