385
displaying, 319
dynamic binding entry, 315
IPv
4. See IPv4 source guard
IPv
6. See IPv6 source guard
maint
aining, 319
static
binding entry, 315
ip va
lidity check (ARP), 337
IPs
ec
ACL configuration, 226
AC
L de-encapsulated packet check, 234
AC
L IPsec anti-replay configuration, 235
ACL
rule keywords, 226
AC
L-based implementation, 225
AC
L-based IPsec, 224
appli
cation-based IPsec, 224
au
thentication, 223
au
thentication algorithms, 223
co
nfiguration, 220, 241
co
nfiguration restrictions, 228
display
ing, 240
enca
psulation modes, 221
encr
yption, 223
encr
yption algorithms, 223
IK
E configuration, 250, 252, 262
IK
E configuration (main mode/pre-shared key
authentication), 262
IK
E DPD configuration, 259
IK
E global identity information
configuration, 257
IK
E identity authentication, 251
IKE
invalid SPI recovery, 260
IK
E keepalive function configuration, 258
IK
E keychain configuration, 256
IKE NA
T keepalive function configuration, 259
IKE
negotiation, 250
IKE negoti
ation failure (no proposal or keychain
referenced correctly), 265
IKE negoti
ation failure troubleshooting (no
proposal match), 264
IK
E negotiation mode, 222
IK
E profile configuration, 253
IK
E proposal configuration, 255
IK
E SA max number, 260
IKE
security mechanism, 251
IK
E SNMP notification, 261
IK
E troubleshooting, 264
I
K
E-based tunnel for IPv4 packets
configuration, 243
im
plementation, 223
IPv
6. See IPv6 IPsec
maint
aining, 240
mirr
or image ACLs, 226
non-
mirror image ACLs, 226
pack
et DF bit configuration, 237
pack
et logging enable, 237
polic
y application to interface, 234
polic
y configuration, 228
polic
y configuration (IKE-based), 230
polic
y configuration (IKE-based/direct), 231
polic
y configuration (IKE-based/template), 232
polic
y configuration restrictions, 230
protoc
ols and standards, 224
Qo
S pre-classify enable, 236
RI
Png configuration, 246
SA,
222
SA
negotiation failure (invalid identity info), 266
SA
negotiation failure (no transform set match), 266
secu
rity PKI configuration, 185 , 188, 199
secu
rity protocols, 221
SN
MP notification configuration, 240
sou
rce interface policy bind, 236
transf
orm set configuration, 227
tunnel es
tablishment, 224
tunnel fo
r IPv4 packets configuration, 241
IPv
4
security IPsec IKE-based tunnel for IPv4 packets
configuration, 243
secu
rity IPsec tunnel for IPv4 packets
configuration, 241
sou
rce guard. See IPv4 source guard
IPv
4 source guard
configuration, 314 , 316 , 316 , 320
display
ing, 319
dy
namic binding entry, 315
dy
namic configuration with DHCP relay, 323
dy
namic configuration with DHCP snooping, 322
enable on i
nterface, 316
maint
aining, 319
static
binding entry, 315
static
configuration, 320
To Next Page
Loading...
Need help?
General
