Command line syntax for various IKE policy rules is shown below. Note that the backslash (\) at the end of a line indicates that the line continues on the next line. Do not include any Returns, Enters, or backslashes when typing rules.
Tunnel mode, pre-shared key usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
        IKE(encralg2, authalg3, oakleygroup, PRE-SHARED, pskey) \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        [SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
        ALLOW
Tunnel mode, certificate usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
        IKE(encralg2, authalg3, oakleygroup, authmethod, \
        srccert, dstcert) \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        [SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
        ALLOW
Tunnel mode, manual key usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(spi1, authalg, key1) \
        | ESP(spi2, encralg2, key2 [, spi3, authalg3, key3]) } \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        [SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
        ALLOW
Transport mode, pre-shared key usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
        IKE(encralg2, authalg3, oakleygroup, PRE-SHARED, pskey) \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        TRANSPORT ALLOW
Transport mode, certificate usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
        IKE(encralg2, authalg3, oakleygroup, authmethod, \
        srccert, dstcert) \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        TRANSPORT ALLOW
Transport mode, manual key usage:
    [SCREEN scrn] svc srcaddr dstaddr \
        IPSEC { AH(spi1, authalg, key1) \
        | ESP(spi2, encralg2, key2 [, spi3, authalg3, key3]) } \
        [SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
        TRANSPORT ALLOW
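
The six forms above differ only in the TRANSPORT keyword and in the argument counts of the AH, ESP and IKE clauses, so a rule can be classified mechanically when reviewing a policy. The Python sketch below is an added example, not part of the product or its documentation; the function name classify_rule, the result labels and the sample rules (built from the placeholder names in the syntax above) are assumptions made for illustration.

```python
import re

# NAME(args) clauses from the syntax above; arguments hold no nested parentheses.
CLAUSE = re.compile(r'\b(AH|ESP|IKE)\s*\(([^()]*)\)')

def _args(raw):
    return [a.strip() for a in raw.split(',') if a.strip()]

def classify_rule(rule):
    """Return (mode, keying) for one rule; raise ValueError if it fits no form."""
    text = re.sub(r'\\\s*', ' ', rule)            # drop continuation backslashes
    clauses = {name: _args(raw) for name, raw in CLAUSE.findall(text)}
    rest = CLAUSE.sub(' ', text).split()          # keywords outside the clauses
    if 'IPSEC' not in rest or rest[-1] != 'ALLOW':
        raise ValueError('not an IPSEC ... ALLOW rule')
    if ('AH' in clauses) == ('ESP' in clauses):
        raise ValueError('expected exactly one of AH(...) or ESP(...)')
    proto = 'AH' if 'AH' in clauses else 'ESP'
    n = len(clauses[proto])
    mode = 'transport' if 'TRANSPORT' in rest else 'tunnel'
    if mode == 'transport' and {'SOURCE_TUNNEL', 'DESTINATION_TUNNEL'} & set(rest):
        raise ValueError('tunnel addresses given on a TRANSPORT rule')
    ike = clauses.get('IKE')
    if ike is None:
        # Manual keys: AH(spi, alg, key); ESP(spi, alg, key[, spi, alg, key])
        keying, ok = 'manual', (n == 3 if proto == 'AH' else n in (3, 6))
    else:
        # IKE: AH(authalg); ESP(encralg[, authalg])
        ok = n == 1 if proto == 'AH' else n in (1, 2)
        if len(ike) == 5 and ike[3].upper() == 'PRE-SHARED':
            keying = 'ike-pre-shared'
        elif len(ike) == 6:
            keying = 'ike-certificate'
        else:
            keying, ok = None, False
    if not ok:
        raise ValueError('argument count matches no documented form')
    return mode, keying

# Constructed samples that reuse the placeholder names from the syntax above.
SAMPLES = [
    'svc srcaddr dstaddr IPSEC ESP(encralg1, authalg2) \\\n'
    ' IKE(encralg2, authalg3, oakleygroup, PRE-SHARED, pskey) TRANSPORT ALLOW',
    'svc srcaddr dstaddr IPSEC AH(authalg1) IKE(encralg2, authalg3, oakleygroup,'
    ' authmethod, srccert, dstcert) SOURCE_TUNNEL srctunaddr ALLOW',
    'svc srcaddr dstaddr IPSEC ESP(spi2, encralg2, key2, spi3, authalg3, key3)'
    ' TRANSPORT ALLOW',
]
```

A rule with an unbalanced clause, such as an ESP(...) list missing its closing parenthesis, matches none of the forms and raises ValueError.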