2. Decide whether to use tunnel or transport mode. The default mode is transport.
3. To describe the packets to which this policy applies, create a traffic selector using
the following commands:
4. Choose whether to use a manual or a dynamic policy.
© Copyright Lenovo 2018
NE2552E(config)# ipsec traffic-selector <traffic selector number> {permit|deny}
{any|icmp {<ICMPv6 type>|any}|tcp} {<source IP address>|any} {<destination IP address>|
|any} [<prefix length>]
where the following parameters are used:
traffic selector number
permit|deny
protoany
proto/icmp type|any
proto/tcp
source IP address|any
destination IP address|any
prefix length
Permitted traffic that matches the policy in force is encrypted, while denied traffic
that matches the policy in force is dropped. Traffic that does not match the policy
bypasses IPsec and passes through clear (unencrypted).
an integer from 1‐10
whether or not to permit IPsec encryption of
traffic that meets the criteria specified in this
command
apply the selector to any type of traffic
only apply the selector only to ICMP traffic of the
specified type (an integer from 1‐255) or to any
ICMP traffic
only apply the selector to TCP traffic
the source IP address in IPv6 format or "any"
source
the destination IP address in IPv6 format or "any"
destination
(Optional) the length of the destination IPv6
prefix; an integer from 1‐128
Chapter 23: Using IPsec with IPv6
347