Example 3

An ipsec rule that requires IPSec protection for all traffic between the secure server and an administrative machine on the internal network:

IpFilterRule                 Rule2Admin
{
     IpSourceAddrRef            InternalServerAddressA1
     IpDestAddrRef              AdminClient
     IpServiceRef               All-traffic-local
     IpGenericFilterActionRef   ipsec
     IpDynVpnActionRef          Silver-TransportMode
}

The use of multiple references in this example makes the IP filter rule easier to read. For each referenced object or action, there should be a corresponding definition elsewhere, in either the common or the stack-specific IP security configuration file:

IpAddr                 InternalServerAddressA1
{
  Addr                 9.1.1.1
}

IpAddr                 AdminClient
{
  Addr                 9.1.1.2
}

IpService              All-traffic-local
{
  Protocol             all
  Direction            bidirectional
  Routing              local
  SecurityClass        0
}

IpGenericFilterAction  ipsec
{
  IpFilterAction       ipsec
  IpFilterLogging      yes LogDeny
}

IpDynVpnAction         Silver-TransportMode
{
  Initiation           either
  InitiateWithPfs      None
  AcceptablePfs        None
  IpDataOfferRef       SHA-DES-Transport
}

IpDataOffer            SHA-DES-Transport
{
  HowToEncap           transport
  HowToEncrypt         DES
  HowToAuth            ESP HMAC_SHA1
}
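The requirement that every referenced object or action has a corresponding definition can be checked before a policy is installed. The following Python sketch is an added example, not part of the original documentation or the product's tooling; it reports references that resolve to no definition. It assumes the keyword-to-statement mapping inferred from this example, handles only the simple `Type Name { ... }` layout shown here, and its function names (`parse`, `unresolved_refs`) are hypothetical.

```python
import re

# Ref keyword -> statement type it must resolve to (assumed from this page's example).
REF_TARGETS = {
    "IpSourceAddrRef": "IpAddr",
    "IpDestAddrRef": "IpAddr",
    "IpServiceRef": "IpService",
    "IpGenericFilterActionRef": "IpGenericFilterAction",
    "IpDynVpnActionRef": "IpDynVpnAction",
    "IpDataOfferRef": "IpDataOffer",
}
# A statement is "<Type> <Name>" followed by a brace-delimited body.
BLOCK = re.compile(r"^\s*(\w+)\s+(\S+)\s*\n\s*\{(.*?)\}", re.S | re.M)

def parse(text):
    """Return {(type, name): [(keyword, value), ...]} for every statement."""
    blocks = {}
    for stype, name, body in BLOCK.findall(text):
        pairs = [ln.split(None, 1) for ln in body.splitlines() if ln.strip()]
        blocks[(stype, name)] = [(p[0], p[1].strip() if len(p) > 1 else "") for p in pairs]
    return blocks

def unresolved_refs(text):
    """List (statement, keyword, value) for references with no definition."""
    blocks = parse(text)
    return [(name, key, value)
            for (_, name), attrs in blocks.items()
            for key, value in attrs
            if key in REF_TARGETS and (REF_TARGETS[key], value) not in blocks]

# Constructed sample: the rule from this example with two definitions left out.
SAMPLE = """
IpFilterRule Rule2Admin
{
  IpSourceAddrRef InternalServerAddressA1
  IpDestAddrRef AdminClient
  IpDynVpnActionRef Silver-TransportMode
}
IpAddr InternalServerAddressA1
{
  Addr 9.1.1.1
}
IpDynVpnAction Silver-TransportMode
{
  IpDataOfferRef SHA-DES-Transport
}
"""
if __name__ == "__main__":
    print(unresolved_refs(SAMPLE))
```

When the common and stack-specific files are both in use, concatenate their contents before calling `unresolved_refs`, since a definition may live in either one.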