Nortel NN46110-600 User Manual page 62

VPN router security — servers, authentication, and certificates

52 Chapter 2 Configuring servers
The supported syntax is:
[Prefix] [Action] [Protocol] [Source] [Source Wildcard Mask] [Destination]
[Destination Wildcard Mask] [Operator] [Port]
The following table describes the syntax of the attributes.
Table 3 Syntax of attributes

Attribute—1 (AV Pair)

| Section | Description |
| --- | --- |
| Prefix | ip:inacl#Num= or ip:outacl#Num=, where "Num" is replaced with a number specifying the order in the list. Inacl and outacl are the only two AV pair types supported. |
| Action | Deny or permit |
| Protocol | IP, TCP, UDP, or ICMP |
| Source | An IP address, "any", or "host <host address>" |
| Source wildcard mask | This is not used if the source is "any" or "host". Note the mask is NOT specified as a subnet mask. "0" indicates exact match for an octet. "255" indicates a "don't care" for all of the bits in the octet. |
| Destination | An IP address, "any", or "host <host address>" |
| Destination wildcard mask | This is not used if the source is "any" or "host". Note the mask is NOT specified as a subnet mask. "0" indicates exact match for an octet. "255" indicates a "don't care" for all of the bits in the octet. |
| Operator | LT - Less than, GT - Greater than, EQ - Equal, NEQ - Not equal. Operator is not used unless the protocol is TCP or UDP. |
| Port | Port number. Must be provided if an operator is specified. |

Do not specify an outacl that denies all traffic, such as ip:outacl#1=deny ip any
any, because this prevents the IPsec client from connecting to the banner server.
You must have at least one outacl entry specified. You can specify a "deny all"
filter in the group.
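The following is an added example, not code from the Nortel manual: a Python checker that parses AV pairs against the syntax in Table 3 and flags the two outacl conditions the manual warns about (a deny-all outacl, or no outacl entry at all). The function names are hypothetical, and the parser assumes whitespace-separated tokens, case-insensitive keywords, and dotted-quad IPv4 addresses and wildcard masks.

```python
import ipaddress
import re
PREFIX = re.compile(r"^ip:(inacl|outacl)#(\d+)=(.+)$", re.IGNORECASE)
# Constructed sample attributes; the second is the deny-all form the manual warns about.
SAMPLE = ["ip:inacl#1=permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 443",
          "ip:outacl#1=deny ip any any"]

def _address(tokens):
    """Consume 'any', 'host <addr>' or '<addr> <wildcard mask>' from tokens."""
    try:
        word = tokens.pop(0)
        if word == "any":
            return "any", None                  # no wildcard mask follows "any"
        if word == "host":
            return str(ipaddress.IPv4Address(tokens.pop(0))), None
        addr = ipaddress.IPv4Address(word)      # plain address: a mask must follow
        return str(addr), str(ipaddress.IPv4Address(tokens.pop(0)))
    except IndexError:
        raise ValueError("incomplete source or destination") from None

def parse_acl(av_pair):
    """Parse one AV pair into a dict; raise ValueError if it breaks the syntax."""
    m = PREFIX.match(av_pair.strip())
    if not m:
        raise ValueError("prefix must be ip:inacl#Num= or ip:outacl#Num=")
    tokens = m.group(3).lower().split()         # assumption: keywords are case-insensitive
    if len(tokens) < 2 or tokens[0] not in ("deny", "permit"):
        raise ValueError("action must be deny or permit")
    if tokens[1] not in ("ip", "tcp", "udp", "icmp"):
        raise ValueError("protocol must be IP, TCP, UDP or ICMP")
    rule = {"list": m.group(1).lower(), "order": int(m.group(2)), "action": tokens.pop(0),
            "protocol": tokens.pop(0), "operator": None, "port": None}
    rule["source"], rule["destination"] = _address(tokens), _address(tokens)
    if tokens:
        if rule["protocol"] not in ("tcp", "udp"):
            raise ValueError("operator is only used with TCP or UDP")
        if len(tokens) != 2 or tokens[0] not in ("lt", "gt", "eq", "neq"):
            raise ValueError("expected <LT|GT|EQ|NEQ> <port>")
        rule["operator"], rule["port"] = tokens[0], int(tokens[1])
    return rule

def outacl_problems(av_pairs):
    """Flag the two outacl conditions the manual warns about."""
    out = [r for r in map(parse_acl, av_pairs) if r["list"] == "outacl"]
    problems = [] if out else ["no outacl entry specified"]
    problems += [f"outacl#{r['order']} denies all traffic" for r in out
                 if r["action"] == "deny" and r["protocol"] == "ip"
                 and r["source"][0] == r["destination"][0] == "any"]
    return problems
```

Run `outacl_problems` over the AV pairs in a user's RADIUS profile before deploying it; an empty list means neither warning applies.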
