Specifications

A31003-H3580-M103-2-76A9, 01-2009
HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
For internal use only
Explorers
Security
The Configured IPsec Rules mask is displayed. Each line in the table displayed represents an
active rule. For descriptions of the individual columns, see Section 7.2.5.64, "Adding rules".
The table can be sorted based on the columns Priority, Service, Rule-Based Action, Encryption
Required, and Rule State. Click a column heading to sort the table on the basis of the
associated column. The column header currently used as the sort criterion is indicated by a
small triangle.
7.2.5.64 Adding rules
You can add a new IPsec rule.
WBM path:
WBM (write access activated with the Padlock icon in the control area?) > Explorers > Security
> (double-click) VPN > (double-click) Rules > (right-click) Configured Rules > Add Rule
The Add Configured IPsec Rule mask is displayed. You can edit the following fields:
Priority: Enter the required priority for the processing sequence as a figure. The highest
priority is specified with 1. Each rule associated with a direction must be assigned its own
priority. A rule and the associated opposite-direction rule must always have the same
priority. You can only create the rule for the opposite direction with the menu item
specifically provided for this purpose (see Section 7.2.5.67, "Add Rule for Opposite Direction").
Service: Select the service to which the encryption should be limited. Select Any Service
if the encryption does not have to be limited to one service.
Rule-Based Action: Select how the IP packets are to be dealt with by this rule: pass means
that IP packets are transferred, deny means that no IP packets are transferred.
Encryption Required: Specify whether or not this rule will require encryption. The
encryption procedure is defined by the assigned tunnel.
Type: Select the type for the source address and the destination address (you can choose
between: Host, Subnet, IP Address Range and DNS Name).
IP address: Enter the source and destination address in a format suitable for the selected
type. The input mask depends on the address type selected. To use an arbitrary IP
address, you must enter 0.0.0.0. NAT must be deactivated at the interface to the destina-

You can subsequently edit the priority of an existing rule. However, the connection
is cleared down when you apply the change if this rule was in use while you
were editing it.
You should leave spaces between the assigned priorities to enable new rules to
be added easily between existing rules if required. We recommend defining
priorities in steps of ten or one hundred.
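
The priority constraints described above can be checked on a planned rule table before it is entered in WBM. The following is an added example, not part of the original documentation; the `Rule` record, the `lint` function and the sample addresses are hypothetical and do not reflect any HG 1500 export format.

```python
from collections import defaultdict
from typing import NamedTuple

class Rule(NamedTuple):          # hypothetical planning record, not a WBM format
    priority: int
    service: str
    action: str                  # "pass" or "deny"
    encrypt: bool
    src: str                     # free-form address label in this sketch
    dst: str

def is_opposite(a: Rule, b: Rule) -> bool:
    """True if b is a's opposite-direction rule: same settings, addresses swapped."""
    return (a.service, a.action, a.encrypt, a.src, a.dst) == \
           (b.service, b.action, b.encrypt, b.dst, b.src)

def lint(rules, min_gap=10):
    """Return a list of findings for a planned rule table."""
    findings = []
    by_prio = defaultdict(list)
    for r in rules:
        if r.priority < 1:
            findings.append(f"priority {r.priority}: must be 1 or greater (1 is highest)")
        if r.action not in ("pass", "deny"):
            findings.append(f"priority {r.priority}: unknown action {r.action!r}")
        by_prio[r.priority].append(r)
    for prio, group in sorted(by_prio.items()):
        # A priority may be shared only by a rule and its opposite-direction rule.
        if len(group) > 2 or (len(group) == 2 and not is_opposite(*group)):
            findings.append(f"priority {prio}: shared by rules that are not an opposite-direction pair")
    for a in rules:
        for b in rules:
            if is_opposite(a, b) and a.priority < b.priority:
                findings.append(f"priorities {a.priority}/{b.priority}: opposite-direction rules must share one priority")
    prios = sorted(by_prio)
    for lo, hi in zip(prios, prios[1:]):
        if hi - lo < min_gap:
            findings.append(f"priorities {lo}/{hi}: gap under {min_gap}, no room to insert rules later")
    return findings

# Constructed sample plan (addresses from documentation ranges).
PLAN = [
    Rule(10, "Any Service", "pass", True, "192.0.2.0/24", "198.51.100.0/24"),
    Rule(10, "Any Service", "pass", True, "198.51.100.0/24", "192.0.2.0/24"),
    Rule(20, "Any Service", "pass", True, "192.0.2.10", "203.0.113.5"),
    Rule(21, "Any Service", "pass", True, "203.0.113.5", "192.0.2.10"),
    Rule(30, "Any Service", "deny", False, "0.0.0.0", "0.0.0.0"),
    Rule(30, "Any Service", "pass", True, "192.0.2.99", "203.0.113.9"),
]
```

Calling `lint(PLAN)` reports the unrelated rules sharing priority 30, the opposite-direction pair split across priorities 20 and 21, and the two gaps smaller than ten.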