2. Decide whether to use tunnel or transport mode. The default mode is transport.

   CN 4093(config)# ipsec transform-set tunnel|transport

3. To describe the packets to which this policy applies, create a traffic selector using the following commands:

   CN 4093(config)# ipsec traffic-selector <traffic selector number> {permit|deny} {any|icmp {<ICMPv6 type>|any}|tcp} {<source IP address>|any} {<destination IP address>|any} [<prefix length>]

   where the following parameters are used:

   traffic selector number      an integer from 1-10
   permit|deny                  whether or not to permit IPsec encryption of traffic that meets the criteria specified in this command
   proto/any                    apply the selector to any type of traffic
   proto/icmp type|any          apply the selector only to ICMP traffic of the specified type (an integer from 1-255) or to any ICMP traffic
   proto/tcp                    only apply the selector to TCP traffic
   source IP address|any        the source IP address in IPv6 format or "any" source
   destination IP address|any   the destination IP address in IPv6 format or "any" destination
   prefix length                (Optional) the length of the destination IPv6 prefix; an integer from 1-128

   Permitted traffic that matches the policy in force is encrypted, while denied traffic that matches the policy in force is dropped. Traffic that does not match the policy bypasses IPsec and passes through clear (unencrypted).

4. Choose whether to use a manual or a dynamic policy.

© Copyright Lenovo 2017
Chapter 25: Using IPsec with IPv6
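The three outcomes described in step 3 (encrypted, dropped, passed in the clear), modeled for a single traffic selector as an added example that is not taken from the Lenovo guide. The class and function names are hypothetical and the addresses are constructed; it assumes the source address is matched exactly and that the prefix length applies to the destination and defaults to 128 when omitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Selector:                      # hypothetical model of one traffic selector
    action: str                      # "permit" or "deny"
    proto: str                       # "any", "icmp" or "tcp"
    icmp_type: Optional[int] = None  # None stands for "any" ICMPv6 type
    src: str = "any"                 # IPv6 address or "any"
    dst: str = "any"                 # IPv6 address or "any"
    prefix_len: int = 128            # destination prefix length (assumed default)

@dataclass
class Packet:
    proto: str                       # "icmp", "tcp", "udp", ...
    src: str
    dst: str
    icmp_type: Optional[int] = None

def matches(sel: Selector, pkt: Packet) -> bool:
    if sel.proto != "any" and sel.proto != pkt.proto:
        return False
    if sel.proto == "icmp" and sel.icmp_type not in (None, pkt.icmp_type):
        return False
    if sel.src != "any" and ipaddress.IPv6Address(sel.src) != ipaddress.IPv6Address(pkt.src):
        return False
    if sel.dst != "any":
        net = ipaddress.IPv6Network(f"{sel.dst}/{sel.prefix_len}", strict=False)
        if ipaddress.IPv6Address(pkt.dst) not in net:
            return False
    return True

def disposition(sel: Selector, pkt: Packet) -> str:
    """Return 'encrypt', 'drop' or 'cleartext' for one packet."""
    if not matches(sel, pkt):
        return "cleartext"           # no match: bypasses IPsec unencrypted
    return "encrypt" if sel.action == "permit" else "drop"

# Constructed sample: permit TCP to 2001:db8:1::/64, then check four flows.
SEL = Selector("permit", "tcp", dst="2001:db8:1::", prefix_len=64)
FLOWS = [
    Packet("tcp", "2001:db8:2::10", "2001:db8:1::5"),
    Packet("udp", "2001:db8:2::10", "2001:db8:1::5"),
    Packet("tcp", "2001:db8:2::10", "2001:db8:9::5"),
    Packet("icmp", "2001:db8:2::10", "2001:db8:1::5", icmp_type=128),
]

def audit(sel, flows):
    return [(p.proto, p.dst, disposition(sel, p)) for p in flows]
```

Passing the flows that are required to be protected through `audit` shows which of them would leave the switch unencrypted because the selector does not match them.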