TMS zl Management and Configuration Guide ST.1.2.100916
A-81
Command-Line Reference
Global Configuration Context
For example, to drop packets classified as critical, enter the following
command:
hostswitch(tms-module-<slot ID>:config)# ips threat-
level critical terminate
ips web-proxy
The ips web-proxy command allows you to configure a web proxy for your IPS.
To create a web proxy for your IPS, enter the following:
Syntax: [no] ips web-proxy [<IP address or hostname> <port>]
Replace <IP address or hostname> with the IP address or hostname of your web
proxy.
Replace <port> with your web proxy’s port number.
ipsec
The ipsec command includes many options. It contains all of the commands
you need to create an IPsec VPN, including the IKEv1 policy, the IPsec
proposal, and the IPsec policy itself.
For this reason, documentation of this command will be separated into several
sections.
■ Global IPsec—these commands control whether IPsec is enabled, how
ICMP error messages are handled, the number of SAs allowed per policy,
whether SAs are automatically revalidated when policies change, and the
minimum packet size for IP compression. (See “ipsec enable” on page
A-82, “ipsec icmp” on page A-82, “ipsec sa” on page A-84, and “ipsec ip-
compression” on page A-83.)
■ IKEv1—this command creates (or deletes) an IKEv1 policy and enables
you to enter the IKEv1 context. (See “ipsec ikev1” on page A-82.)
■ IKEv1 context—using the commands in this context, you can create and
edit an IKEv1 policy. (See “IKEv1 Context” on page A-122.)
■ IPsec proposal—this command creates (or deletes) an IPsec proposal,
which sets the IPsec mode (tunnel or transport) and IPsec security
protocol for the tunnel. (See “ipsec proposal” on page A-83.)
■ IPsec policy—this command creates (or deletes) an IPsec policy and
enables you to enter the IPsec policy context. (See “ipsec policy” on page
A-84.)