Index |
A unique index identifying this entry. |
NextIndex |
This object specifies the index of the next traffic
entry in the hierarchy. |
Description |
An optional human readable description for this traffic entry. |
LocalAddress |
The source IP-address of this traffic entry. It may be
either a single address, a network address (in
combination with ipsecTrSrcMask), or the first address
of an address range (in combination with
ipsecTrLocalRange). |
LocalMaskLen |
The length of the network mask for a source network. |
LocalRange |
The last address of a source address range. If this
field is nonzero, the ipsecTrLocalMaskLen field is
ignored and the source is considered as a range of
addresses beginning with ipsecTrLocalAddress and ending
with ipsecTrLocalRange. |
RemoteAddress |
The destination IP-address of this traffic entry. It may be
either a single address, a network address (in
combination with ipsecTrDstMask), or the first address
of an address range (in combination with
ipsecTrRemoteRange). |
RemoteMaskLen |
The length of the network mask for a destination network. |
RemoteRange |
The last address of a destination address range. If
this field is nonzero, the ipsecTrRemoteMaskLen field is
ignored and the destination is considered as a range of
addresses beginning with ipsecTrRemoteAddress and ending
with ipsecTrRemoteRange. |
Proto |
The transport protocol defined for this entry. Enumerations:
- icmp (1)
- igmp (2)
- ggp (3)
- ipip (4)
- st (5)
- tcp (6)
- cbt (7)
- egp (8)
- igp (9)
- bbn (10)
- nvp (11)
- pup (12)
- argus (13)
- emcon (14)
- xnet (15)
- chaos (16)
- udp (17)
- mux (18)
- dcn (19)
- hmp (20)
- prm (21)
- xns (22)
- trunk1 (23)
- trunk2 (24)
- leaf1 (25)
- leaf2 (26)
- rdp (27)
- irtp (28)
- isotp4 (29)
- netblt (30)
- mfe (31)
- merit (32)
- sep (33)
- pc3 (34)
- idpr (35)
- xtp (36)
- ddp (37)
- idprc (38)
- tp (39)
- il (40)
- ipv6 (41)
- sdrp (42)
- ipv6route (43)
- ipv6frag (44)
- idrp (45)
- rsvp (46)
- gre (47)
- mhrp (48)
- bna (49)
- esp (50)
- ah (51)
- inlsp (52)
- swipe (53)
- narp (54)
- mobile (55)
- tlsp (56)
- skip (57)
- ipv6icmp (58)
- ipv6nonxt (59)
- ipv6opts (60)
- ipproto-61 (61)
- cftp (62)
- local (63)
- sat (64)
- kryptolan (65)
- rvd (66)
- ippc (67)
- distfs (68)
- satmon (69)
- visa (70)
- ipcv (71)
- cpnx (72)
- cphb (73)
- wsn (74)
- pvp (75)
- brsatmon (76)
- sunnd (77)
- wbmon (78)
- wbexpak (79)
- isoip (80)
- vmtp (81)
- securevmtp (82)
- vines (83)
- ttp (84)
- nsfnet (85)
- dgp (86)
- tcf (87)
- eigrp (88)
- ospfigp (89)
- sprite (90)
- larp (91)
- mtp (92)
- ax25 (93)
- ipwip (94)
- micp (95)
- scc (96)
- etherip (97)
- encap (98)
- encrypt (99)
- gmtp (100)
- ifmp (101)
- pnni (102)
- pim (103)
- aris (104)
- scps (105)
- qnx (106)
- an (107)
- ippcp (108)
- snp (109)
- compaq (110)
- ipxip (111)
- vrrp (112)
- pgm (113)
- hop0 (114)
- l2tp (115)
- ipproto-116 (116)
- ipproto-117 (117)
- ipproto-118 (118)
- ipproto-119 (119)
- ipproto-120 (120)
- ipproto-121 (121)
- ipproto-122 (122)
- ipproto-123 (123)
- ipproto-124 (124)
- ipproto-125 (125)
- ipproto-126 (126)
- ipproto-127 (127)
- ipproto-128 (128)
- ipproto-129 (129)
- ipproto-130 (130)
- ipproto-131 (131)
- ipproto-132 (132)
- ipproto-133 (133)
- ipproto-134 (134)
- ipproto-135 (135)
- ipproto-136 (136)
- ipproto-137 (137)
- ipproto-138 (138)
- ipproto-139 (139)
- ipproto-140 (140)
- ipproto-141 (141)
- ipproto-142 (142)
- ipproto-143 (143)
- ipproto-144 (144)
- ipproto-145 (145)
- ipproto-146 (146)
- ipproto-147 (147)
- ipproto-148 (148)
- ipproto-149 (149)
- ipproto-150 (150)
- ipproto-151 (151)
- ipproto-152 (152)
- ipproto-153 (153)
- ipproto-154 (154)
- ipproto-155 (155)
- ipproto-156 (156)
- ipproto-157 (157)
- ipproto-158 (158)
- ipproto-159 (159)
- ipproto-160 (160)
- ipproto-161 (161)
- ipproto-162 (162)
- ipproto-163 (163)
- ipproto-164 (164)
- ipproto-165 (165)
- ipproto-166 (166)
- ipproto-167 (167)
- ipproto-168 (168)
- ipproto-169 (169)
- ipproto-170 (170)
- ipproto-171 (171)
- ipproto-172 (172)
- ipproto-173 (173)
- ipproto-174 (174)
- ipproto-175 (175)
- ipproto-176 (176)
- ipproto-177 (177)
- ipproto-178 (178)
- ipproto-179 (179)
- ipproto-180 (180)
- ipproto-181 (181)
- ipproto-182 (182)
- ipproto-183 (183)
- ipproto-184 (184)
- ipproto-185 (185)
- ipproto-186 (186)
- ipproto-187 (187)
- ipproto-188 (188)
- ipproto-189 (189)
- ipproto-190 (190)
- ipproto-191 (191)
- ipproto-192 (192)
- ipproto-193 (193)
- ipproto-194 (194)
- ipproto-195 (195)
- ipproto-196 (196)
- ipproto-197 (197)
- ipproto-198 (198)
- ipproto-199 (199)
- ipproto-200 (200)
- ipproto-201 (201)
- ipproto-202 (202)
- ipproto-203 (203)
- ipproto-204 (204)
- ipproto-205 (205)
- ipproto-206 (206)
- ipproto-207 (207)
- ipproto-208 (208)
- ipproto-209 (209)
- ipproto-210 (210)
- ipproto-211 (211)
- ipproto-212 (212)
- ipproto-213 (213)
- ipproto-214 (214)
- ipproto-215 (215)
- ipproto-216 (216)
- ipproto-217 (217)
- ipproto-218 (218)
- ipproto-219 (219)
- ipproto-220 (220)
- ipproto-221 (221)
- ipproto-222 (222)
- ipproto-223 (223)
- ipproto-224 (224)
- ipproto-225 (225)
- ipproto-226 (226)
- ipproto-227 (227)
- ipproto-228 (228)
- ipproto-229 (229)
- ipproto-230 (230)
- ipproto-231 (231)
- ipproto-232 (232)
- ipproto-233 (233)
- ipproto-234 (234)
- ipproto-235 (235)
- ipproto-236 (236)
- ipproto-237 (237)
- ipproto-238 (238)
- ipproto-239 (239)
- ipproto-240 (240)
- ipproto-241 (241)
- ipproto-242 (242)
- ipproto-243 (243)
- ipproto-244 (244)
- ipproto-245 (245)
- ipproto-246 (246)
- ipproto-247 (247)
- ipproto-248 (248)
- ipproto-249 (249)
- ipproto-250 (250)
- ipproto-251 (251)
- ipproto-252 (252)
- ipproto-253 (253)
- ipproto-254 (254)
- dont-verify (255)
|
LocalPort |
The source port defined for this traffic entry. |
RemotePort |
The destination port defined for this traffic entry. |
Action |
The action to be applied to traffic matching this entry.
Possible values:
delete(1), -- Delete this entry
always-plain(2), -- Forward the packets without protection even if there is a matching SA and independent from the position of the traffic entry in the list.
pass(3), -- Forward the packets without protection
protect(4), -- Protect the traffic as specified in the proposal. Drop unprotected traffic of this kind.
drop(5) -- Drop all packets matching this traffic entry.
Enumerations:
- delete (1)
- always-plain (2)
- pass (3)
- protect (4)
- drop (5)
|
Proposal |
This object specifies an index in the
ipsecProposalTable. This may be the first proposal of
possibly a choice of multiple, optionally nested
proposals which is to be offered with IKE (automatic
keying) or a manual proposal (manual keying). |
ForceTunnelMode |
This object specifies the strategy when transport mode is used.
By default, the system always uses transport mode if possible.
If this variable is set to true, tunnel mode will always be used
for this traffic entry, even if the source and destination addresses
match the tunnel endpoints.
Possible values:
true(1), -- Use tunnel mode even if transport mode is possible
false(2) -- Use transport mode whenever possible.
Enumerations: |
LifeTime |
This object specifies an index in the
ipsecLifeTimeTable. This lifetime overwrites the
lifetimes specified for all proposals referenced by
this traffic entry. It may itself be overwritten by
an explicit lifetime specified for the peer entry
referencing this traffic entry. If the lifetime
pointed to by this index does not exist or is
inappropriate, the default lifetime from the
ipsecGlobalsTable is used. |
Granularity |
This object specifies the granularity with which SAs
must be created for this kind of traffic.
Possible values:
default(1), -- use the setting from the ipsecPeerTable
coarse(2), -- Create only one SA for each Traffic entry
ip(3), -- Create one SA for each host
proto(4), -- Create one SA for each protocol and host
port(5) -- Create one SA for each port and host.
Enumerations:
- default (1)
- coarse (2)
- ip (3)
- proto (4)
- port (5)
|
KeepAlive |
This object specifies whether SAs created for this kind
of traffic should be rekeyed on expiration of soft
lifetimes even if no traffic has been sent
over them.
Possible values:
true(1), -- rekey SAs even if no data was transferred
false(2), -- do not rekey SAs if no data was transferred
default(3) -- use the default setting from the peer entry referencing this traffic entry.
Enumerations:
- true (1)
- false (2)
- default (3)
|
Interface |
This object specifies the interface for which the traffic
entry should be valid (pass and drop entries only).
If ipsecTrAction is set to ipsecTrAction_protect, this object
is ignored.
If this object is set to -1, there is no interface
restriction. |
Direction |
This object specifies the direction for which this traffic
entry should match.
It applies only to pass and drop entries; for protect entries
it is meaningless.
Possible values:
bidirectional(1), -- matches packets from remote to local and vice versa
inbound(2), -- matches only packets from local to remote
outbound(3) -- matches only packets from remote to local.
Enumerations:
- bidirectional (1)
- inbound (2)
- outbound (3)
|
LocalAddressType |
The type of the local address specification.
This may be either a statically configured address or a
dynamic address which is taken from some state information. Enumerations: |
RemoteAddressType |
The type of the remote address specification.
This may be either a statically configured address or a
dynamic address which is taken from some state information. Enumerations: |
InSpi |
This object specifies the Security Parameters Index
(SPI) which should be used for the inbound SA of a
manually keyed traffic entry. The SPI is used to
distinguish between multiple IPSec connections to the
same peer with the same security protocol. The
outbound SPI of the remote side's corresponding
traffic entry has to be equal to this value. This
object is ignored for automatically keyed SAs, as it
is chosen randomly by the initiator. |
OutSpi |
This object specifies the Security Parameters Index
(SPI) which should be used for the outbound SA of a
manually keyed traffic entry. The SPI is used to
distinguish between multiple IPSec connections to the
same peer with the same security protocol. The
inbound SPI of the remote side's corresponding
traffic entry has to be equal to this value. This
object is ignored for automatically keyed SAs, as it
is chosen randomly by the initiator. |
EncKeyIn |
This object serves as an input field for the inbound
encryption key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed
traffic entries or for traffic entries which do not
require an encryption key. |
EncKeyOut |
This object serves as an input field for the outbound
encryption key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed
traffic entries or for traffic entries which do not
require an encryption key. |
AuthKeyIn |
This object serves as an input field for the inbound
authentication key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed
traffic entries or for traffic entries which do not
require an authentication key. |
AuthKeyOut |
This object serves as an input field for the outbound
authentication key used with manually keyed SAs. Its
contents are reset to a single asterisk immediately
after the set operation (or input via the
console). It is not evaluated for automatically keyed
traffic entries or for traffic entries which do not
require an authentication key. |
Creator |
This object shows the creator of the traffic entry. Enumerations:
- config (1)
- radius-preset (2)
|
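The address and action rules in this table can be checked against a planned traffic list before it is written to a device. The sketch below is an added example, not vendor code: it applies the Address / MaskLen / Range rule (a nonzero Range overrides MaskLen) and the position-independent always-plain action, which shows when a plain entry lower in the list bypasses an earlier protect entry. Assumptions: entries are evaluated in list order with the first match winning, a mask length of 32 selects a single host, dont-verify (255) matches any protocol, and the packet source is compared against the local selector.

```python
import ipaddress
from dataclasses import dataclass

# Action values as enumerated on the page.
ALWAYS_PLAIN, PASS, PROTECT, DROP = 2, 3, 4, 5
PROTO_ANY = 255  # dont-verify (255); treating it as a wildcard is an assumption

@dataclass
class TrafficEntry:
    local: str
    remote: str
    action: int
    local_mask_len: int = 32      # assumption: 32 selects a single host
    remote_mask_len: int = 32
    local_range: str = "0.0.0.0"  # zero means no range is configured
    remote_range: str = "0.0.0.0"
    proto: int = PROTO_ANY

def selector_matches(addr, first, mask_len, last):
    """Apply the Address / MaskLen / Range rule for one side of an entry."""
    ip = ipaddress.IPv4Address(addr)
    if int(ipaddress.IPv4Address(last)) != 0:   # nonzero Range: MaskLen is ignored
        return ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last)
    return ip in ipaddress.ip_network(f"{first}/{mask_len}", strict=False)

def entry_matches(e, src, dst, proto):
    return (selector_matches(src, e.local, e.local_mask_len, e.local_range)
            and selector_matches(dst, e.remote, e.remote_mask_len, e.remote_range)
            and e.proto in (PROTO_ANY, proto))

def resolve_action(entries, src, dst, proto):
    """Return the action value for a packet, or None when no entry matches."""
    hits = [e for e in entries if entry_matches(e, src, dst, proto)]
    # always-plain applies independently of the entry's position in the list.
    if any(e.action == ALWAYS_PLAIN for e in hits):
        return ALWAYS_PLAIN
    return hits[0].action if hits else None  # assumption: first match wins

# Constructed sample list, in evaluation order (documentation address ranges).
SAMPLE = [
    TrafficEntry("192.0.2.0", "198.51.100.0", PROTECT, 24, 24),
    TrafficEntry("192.0.2.10", "198.51.100.53", ALWAYS_PLAIN, proto=17),
    TrafficEntry("192.0.2.100", "0.0.0.0", DROP, 24, 0, local_range="192.0.2.120"),
]
```

With this list, UDP from 192.0.2.10 to 198.51.100.53 resolves to always-plain although the protect entry precedes it, and 192.0.2.130 falls outside the third entry because the configured range replaces the /24 mask.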