The common IP security configuration file and the stack-specific IP security configuration file have exactly the same structure. Each consists of statements that define the items used to build policy, such as policies, rules, actions, groups, and objects. Statement names and attribute names are not case sensitive, though they appear in mixed case in this information for readability. Only user-defined names are case sensitive. For the complete syntax of all IP security policy statements, see z/OS Communications Server: IP Configuration Reference.
An IP security policy configuration statement has the following generic form:
    StatementType user-defined name
    {
        Attribute1 value1
        Attribute2 value2
        .
        .
        .
    }
Statements often contain other inline statements in a recursive form:
    StatementType1 user-defined name
    {
        Attribute1 value1
        StatementType2 optional user-defined name
        {
            Attribute1 value1
            Attribute2 value2
        }
        Attribute2 value2
    }
There are three main sections in an IP security configuration file, identified by the following three statements: IpFilterPolicy, KeyExchangePolicy, and LocalDynVpnPolicy.
Additional statements that define rules, actions, groups, and objects can appear both in the main body of the configuration file and within any of these three policy blocks. A high-level view of an IP security configuration file follows. Although the statement blocks are shown in a specific order, the ordering is arbitrary.
    IpFilterPolicy            #(required)
    {
        <local statements>
    }
    KeyExchangePolicy         #(optional)
    {
        <local statements>
    }
    LocalDynVpnPolicy         #(optional)
    {
        <local statements>
    }
    <global statements>
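The statement grammar and the required IpFilterPolicy block described above, as an added Python example for linting a policy file before it is deployed (not IBM code and not part of the original page). It assumes `#` starts a comment and that braces sit on their own lines, as in the listings on this page; `parse`, `missing_required`, and the sample names `InnerName` and `MyObject` are hypothetical.

```python
REQUIRED_BLOCKS = {"ipfilterpolicy"}  # the page marks only IpFilterPolicy as required

SAMPLE = """\
ipfilterpolicy            # constructed sample; statement names are not case sensitive
{
  Attribute1 value1
  StatementType2 InnerName
  {
    ATTRIBUTE1 value1
  }
  Attribute2 value2
}
StatementType1 MyObject   # a global statement
{
  Attribute1 value1
}
"""

def parse(text):
    """Return the file as a tree of {type, name, attrs, children} dicts."""
    # Assumption: '#' starts a comment and '{' / '}' each sit on their own line.
    lines = [s for s in (l.split("#", 1)[0].strip() for l in text.splitlines()) if s]
    root = {"type": "<file>", "name": None, "attrs": [], "children": []}
    stack, i = [root], 0
    while i < len(lines):
        word, *rest = lines[i].split(None, 1)
        if word == "}":
            if len(stack) == 1:
                raise ValueError("'}' without a matching '{'")
            stack.pop()
        elif word == "{":
            raise ValueError("'{' without a statement header")
        elif i + 1 < len(lines) and lines[i + 1] == "{":
            # Statement header: type is case-insensitive, user-defined name is not.
            node = {"type": word.lower(), "name": rest[0] if rest else None,
                    "attrs": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            i += 1  # consume the '{' line
        elif len(stack) == 1:
            raise ValueError(f"attribute outside a statement: {lines[i]}")
        else:
            stack[-1]["attrs"].append((word.lower(), rest[0] if rest else None))
        i += 1
    if len(stack) > 1:
        raise ValueError(f"missing '}}' for {stack[-1]['type']}")
    return root

def missing_required(root):
    # Compare top-level statement types, already lower-cased, with the required set.
    return sorted(REQUIRED_BLOCKS - {c["type"] for c in root["children"]})
```
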