Application Note
Configuring the ANG-3000/7000 series Management Interface
Installing and Configuring the Management Interface Card
AVN-AN-MGMT-R10
Page 13 of 14
ipsecRule -a -n HTTPS -s HTTPS -w pass
ipsecRule -a -n ICMP -s ICMP -w pass
The command switches are defined as follows:

-a    Adds a Rule
-n    Defines the Rule name
-s    Specifies the Selector name
-w    Defines the action taken on matching packets (Process, Drop or Pass)

Defining the SPD

After the Rules have been stipulated, you must bind the Rules to the management
interface of the ANG-3000/7000 series with a Security Policy Database (SPD).
The implicit rule is to drop all traffic; it is applied at the end of the list of rules
defined in the SPD. The example below restricts SNMP, TELNET, HTTPS and ICMP
traffic to the Management Interface from the 192.168.100.0 network. Similar services
can be defined and applied to this or any other interface on the ANG.

The following command specifies the SPD:
ipsecSpd -a -n management -r 'SNMP;TELNET;HTTPS;ICMP'

The command switches are defined as follows:

-a    Adds an SPD entry
-n    Specifies the Management Interface name
-r    Specifies the Rule name or a semicolon-separated list of Rule names. The
      Rules are enclosed in quotation marks.

Configuration is now complete.
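
To review a policy like this offline, the following added example (not part of the original application note and not vendor code) parses ipsecRule and ipsecSpd lines, reports Rule names that an SPD references but that are never defined, and models the verdict for sample packets, including the implicit drop. Assumptions: the selector contents (a /24 mask for the 192.168.100.0 network and default service ports), first-match evaluation in SPD order, and the SNMP and TELNET rule lines, which are written by analogy with the two rule lines shown above.

```python
import shlex
from ipaddress import ip_address, ip_network

# Assumptions: the selector definitions are not on this page, so the /24 mask
# and the default service ports below are illustrative stand-ins.
MGMT_NET = ip_network("192.168.100.0/24")
SELECTORS = {"SNMP": ("udp", 161), "TELNET": ("tcp", 23),
             "HTTPS": ("tcp", 443), "ICMP": ("icmp", None)}

# Constructed input: the HTTPS, ICMP and ipsecSpd lines are the page's own;
# the SNMP and TELNET lines are written by analogy with them.
CONFIG = """\
ipsecRule -a -n SNMP -s SNMP -w pass
ipsecRule -a -n TELNET -s TELNET -w pass
ipsecRule -a -n HTTPS -s HTTPS -w pass
ipsecRule -a -n ICMP -s ICMP -w pass
ipsecSpd -a -n management -r 'SNMP;TELNET;HTTPS;ICMP'
"""

def parse(config):
    """Return (rules, spds): rule name -> (selector, action), interface -> ordered rule names."""
    rules, spds = {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)          # strips the quotes around the -r list
        if not tok:
            continue
        # -n, -s, -w and -r take a value; -a is a bare flag
        opts = {t: v for t, v in zip(tok[1:], tok[2:]) if t in ("-n", "-s", "-w", "-r")}
        if tok[0] == "ipsecRule":
            rules[opts["-n"]] = (opts["-s"], opts["-w"].lower())
        elif tok[0] == "ipsecSpd":
            spds[opts["-n"]] = opts["-r"].split(";")
    return rules, spds

def undefined_rules(rules, spds):
    """Rule names referenced by an SPD but never defined with ipsecRule."""
    return sorted({r for names in spds.values() for r in names if r not in rules})

def verdict(rules, spds, iface, src, proto, dport=None):
    """First matching rule in SPD order decides (assumed); otherwise the implicit drop."""
    for name in spds.get(iface, []):
        if name not in rules:
            continue
        sel_proto, sel_port = SELECTORS[rules[name][0]]
        if ip_address(src) in MGMT_NET and proto == sel_proto and sel_port in (None, dport):
            return rules[name][1]
    return "drop"                        # the implicit final rule

if __name__ == "__main__":
    rules, spds = parse(CONFIG)
    print("undefined:", undefined_rules(rules, spds))
    for pkt in [("192.168.100.25", "tcp", 443), ("192.168.100.25", "tcp", 22), ("10.0.0.5", "udp", 161)]:
        print(pkt, "->", verdict(rules, spds, "management", *pkt))
```

In this model a Rule name that the SPD lists but that was never defined is skipped, so traffic for that service falls through to the implicit drop; on the device itself, confirm the behaviour against the vendor documentation.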