Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy
13-15
VPN 3000 Concentrator Series User Guide
Click the drop-down menu button and select the protocol to which this rule applies.
Any = Any protocol [255] (the default selection).
ICMP = Internet Control Message Protocol [1] (used by ping, for example). If you select this
protocol, you should also configure
ICMP Packet Type.
TCP = Transmission Control Protocol [6] (connection-oriented; e.g., FTP, HTTP, SMTP, and Telnet).
If you select this protocol, you should configure
TCP Connection and TCP/UDP Source Port or
Destination Port.
EGP = Exterior Gateway Protocol [8] (used for routing to exterior networks).
IGP = Interior Gateway Protocol [9] (used for routing within a domain).
UDP = User Datagram Protocol [17] (connectionless; e.g., SNMP). If you select this protocol, you
should also configure
TCP/UDP Source Port or Destination Port.
ESP = Encapsulation Security Payload [50] (applies to IPSec).
AH = Authentication Header [51] (applies to IPSec).
GRE = Generic Routing Encapsulation [47] (used by PPTP).
RSVP = Resource Reservation Protocol [46] (reserves bandwidth on routers).
IGMP = Internet Group Management Protocol [2] (used in multicasting).
OSPF = Open Shortest Path First [89] (interior routing protocol).
Other = Other protocol not listed here. If you select Other here, you must enter the IANA-assigned
protocol number in the
Other field.
TCP Connection
Click the drop-down menu button and select whether this rule applies to packets from established TCP
connections. For example, you might want a rule to forward only those TCP packets that originate from
established connections on the public network interface, to provide maximum protection against
“spoofing.” The choices are:
Established = Apply rule to packets from established TCP connections only.
Don’t Care = Apply rule to any TCP packets, whether from established connections or new
connections (the default selection).
Source Address
Specify the packet source address that this rule checks; i.e., the address of the sender.
Network List
Click the drop-down menu button and select the configured network list that specifies the source
addresses. A network list is a list of network addresses that are treated as a single object. See the
Configuration | Policy Management | Traffic Management | Network Lists screens. Otherwise, you can select:
Use IP Address/Wildcard-mask below, which lets you enter a network address.
If you select a configured network list, the Manager ignores entries in the
IP Address and Wildcard-mask
fields.
To Next Page
Loading...
Need help?
General