Command line syntax for various IKE policy rules is shown below. Note that the backslash (\) at the end of a line indicates that the line continues on the next line. Do not include any Returns, Enters, or backslashes when typing rules.
Tunnel mode, pre-shared key usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
IKE(encralg2, authalg3, oakleygroup, PRE-SHARED, pskey) \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
[SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
ALLOW
Tunnel mode, certificate usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
IKE(encralg2, authalg3, oakleygroup, authmethod, \
srccert, dstcert) \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
[SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
ALLOW
Tunnel mode, manual key usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(spi1, authalg, key1) \
| ESP(spi2, encralg2, key2 [, spi3, authalg3, key3]) } \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
[SOURCE_TUNNEL srctunaddr] [DESTINATION_TUNNEL dsttunaddr] \
ALLOW
Transport mode, pre-shared key usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
IKE(encralg2, authalg3, oakleygroup, PRE-SHARED, pskey) \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
TRANSPORT ALLOW
Transport mode, certificate usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(authalg1) | ESP(encralg1[, authalg2]) } \
IKE(encralg2, authalg3, oakleygroup, authmethod, \
srccert, dstcert) \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
TRANSPORT ALLOW
Transport mode, manual key usage:
[SCREEN scrn] svc srcaddr dstaddr \
IPSEC { AH(spi1, authalg, key1) \
| ESP(spi2, encralg2, key2 [, spi3, authalg3, key3]) } \
[SOURCE_SCREEN srcscrn] [DESTINATION_SCREEN dstscrn] \
TRANSPORT ALLOW
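A lint for rules written against the six templates above, added here as an example and not part of the product or its documentation: it joins backslash-continued lines into the single typed line, checks bracket balance, and reports the mode and keying method from the argument counts the templates show. The function names and all rule values (svc-x, host-a, ENC1, KEYNAME and so on) are constructed placeholders.

```python
import re

PAIRS = {")": "(", "]": "[", "}": "{"}
# Constructed sample; every value is a placeholder, not a real algorithm or key name.
SAMPLE = ("svc-x host-a host-b \\\n IPSEC ESP(ENC1, AUTH2) \\\n"
          " IKE(ENC2, AUTH3, GROUP, PRE-SHARED, KEYNAME) \\\n TRANSPORT ALLOW")

def join_rule(text):
    """Join backslash-continued lines into the single line that is typed."""
    parts = (ln.strip().rstrip("\\").strip() for ln in text.splitlines())
    return " ".join(p for p in parts if p)

def balanced(rule):
    """True if (), [] and {} are properly nested and closed."""
    stack = []
    for ch in rule:
        if ch in "([{":
            stack.append(ch)
        elif ch in PAIRS and (not stack or stack.pop() != PAIRS[ch]):
            return False
    return not stack

def clause(rule, name):
    """Arguments of NAME(...) as a list, or None when the clause is absent."""
    m = re.search(r"\b%s\s*\(([^()]*)\)" % name, rule)
    return [a.strip(' "') for a in m.group(1).split(",")] if m else None

def check_rule(text):
    """Return (mode, keying, problems) judged against this page's templates."""
    rule, problems = join_rule(text), []
    if not balanced(rule):
        problems.append("unbalanced brackets")
    words = rule.split()
    if not words or words[-1] != "ALLOW":
        problems.append("rule does not end in ALLOW")
    mode = "transport" if "TRANSPORT" in words else "tunnel"
    ike, ah, esp = clause(rule, "IKE"), clause(rule, "AH"), clause(rule, "ESP")
    if ike is None:  # no IKE clause: keys and SPIs are given in the rule itself
        keying, ah_ok, esp_ok = "manual", (3,), (3, 6)
    else:
        keying = "pre-shared" if len(ike) > 3 and ike[3] == "PRE-SHARED" else "certificate"
        ah_ok, esp_ok = (1,), (1, 2)
        if len(ike) != (5 if keying == "pre-shared" else 6):
            problems.append("wrong IKE argument count for " + keying)
    if (ah is None) == (esp is None):
        problems.append("need exactly one of AH(...) or ESP(...)")
    elif len(ah or esp) not in (ah_ok if ah else esp_ok):
        problems.append("wrong AH/ESP argument count")
    return mode, keying, problems
```

Rules reported as `manual` carry static keys in the policy text, so they are the ones to single out when reviewing a rule set.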