Ipsec Policy Editing; Generic Ipsec Settings - IBM TS3100 Setup, Operator, And Service Manual

Table 35. Generic IPSec settings
Setting
Enable
Default Policy
Neighborhood Solicitation/
Neighborhood Advertisment bypass
policies enabled
3. Figure 116 shows the IPSec maintenance main controls.
Figure 116. IPSec Policy editing
a. New creates a new policy. Up to four policies can be created.
b. Delete deletes the selected policy.
c. Disable disables the selected policy. If it is already enabled, a click disables it.
d. View/Modify loads the selected policy to view or modify.
e. Up/Down allows reordering of the selected policy. Policies are processed in the order as shown.
Reordering of policies changes the processing priority.
4. Policies are processed in the order they display on the policy list. This order is important in case
multiple policies are in use. The first matching policy processes the packet.
v One policy matches the packet, and is selected.
v Multiple policies might match. In this case, the first matching policy is selected.
v No policies might match, then the default policy is used.
5. The Policy Editing section is divided into four parts:
v General settings
v Internet Key Exchange (IKE) settings
v Security Association settings
v Refresh/Submit/Cancel button
Available values
v Enable
v Disable
v Bypass
v Discard
v Enable
v Disable
Comments
The IPSec system might be enabled
or disabled. If disabled, no IPSec
processing takes place. All data is
processed natively.
The Default Policy is used for all
data packets not matching any user
policy traffic selector. With Bypass,
the packet is forwarded and normally
processed. With Discard, the packet is
not processed and is discarded.
Enables predefined policies for the
NS/NA messages to be bypassed.
Allows initial IKE phases with all
protocol-securing policies, which
would normally discard this message
type if no SA is established.
Operations
137