To display the filter rules for the quick start policy after they have been installed in the stack, enter the following UNIX System Services command:
ipsec -f display -r detail -c current
CS V2R1 ipsec Stack Name: TCPCS Tue Feb 14 10:29:51 2012
Primary: Filter Function: Display Format: Detail
Source: Stack Policy Scope: Current TotAvail: 8
Logging: On Predecap: Off DVIPSec: No
NatKeepAlive: 0 FIPS140: No
Defensive Mode: Inactive
FilterName: QuickStartRule1
FilterNameExtension: 1
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Outbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: UDP(17)
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 9.1.1.1
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: 500
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.2
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: 500
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: QuickStartRule1
FilterNameExtension: 2
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Inbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: UDP(17)
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 9.1.1.2
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: 500
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.1
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: 500
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: QuickStartRule2
FilterNameExtension: 1
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Outbound
OnDemand: Yes
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.1
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.2
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: QuickStartRule2
FilterNameExtension: 2
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: TransportMode
TunnelID: Y0
Type: Dynamic Anchor
DefensiveType: n/a
State: Active
Action: Permit
Scope: Local
Direction: Inbound
OnDemand: Yes
SecurityClass: 0
Logging: Deny
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: Rule
SourceAddress: 9.1.1.2
SourceAddressPrefix: n/a
SourceAddressRange: n/a
SourceAddressGranularity: Packet
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 9.1.1.1
DestAddressPrefix: n/a
DestAddressRange: n/a
DestAddressGranularity: Packet
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: DenyAllRule_Generated___________Inbnd
FilterNameExtension: n/a
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Deny
Scope: Both
Direction: Inbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 0.0.0.0
SourceAddressPrefix: 0
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 0.0.0.0
DestAddressPrefix: 0
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 34
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: DenyAllRule_Generated___________Outbnd
FilterNameExtension: n/a
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Deny
Scope: Both
Direction: Outbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: 0.0.0.0
SourceAddressPrefix: 0
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: 0.0.0.0
DestAddressPrefix: 0
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 7
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: DenyAllRule_Generated__________Inbnd_v6
FilterNameExtension: n/a
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Deny
Scope: Both
Direction: Inbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: ::
SourceAddressPrefix: 0
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: ::
DestAddressPrefix: 0
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 1
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
FilterName: DenyAllRule_Generated__________Outbnd_v6
FilterNameExtension: n/a
GroupName: n/a
LocalStartActionName: n/a
VpnActionName: n/a
TunnelID: 0x00
Type: Generic
DefensiveType: n/a
State: Active
Action: Deny
Scope: Both
Direction: Outbound
OnDemand: n/a
SecurityClass: 0
Logging: None
LogLimit: n/a
Protocol: All
ICMPType: n/a
ICMPTypeGranularity: n/a
ICMPCode: n/a
ICMPCodeGranularity: n/a
OSPFType: n/a
TCPQualifier: n/a
ProtocolGranularity: n/a
SourceAddress: ::
SourceAddressPrefix: 0
SourceAddressRange: n/a
SourceAddressGranularity: n/a
SourcePort: n/a
SourcePortRange: n/a
SourcePortGranularity: n/a
DestAddress: ::
DestAddressPrefix: 0
DestAddressRange: n/a
DestAddressGranularity: n/a
DestPort: n/a
DestPortRange: n/a
DestPortGranularity: n/a
OrigRmtConnPort: n/a
RmtIDPayload: n/a
RmtUdpEncapPort: n/a
CreateTime: 2012/02/14 10:28:42
UpdateTime: 2012/02/14 10:28:42
DiscardAction: Silent
MIPv6Type: n/a
MIPv6TypeGranularity: n/a
TypeRange: n/a
CodeRange: n/a
RemoteIdentityType: n/a
RemoteIdentity: n/a
FragmentsOnly: No
FilterMatches: 0
LifetimeExpires: n/a
AssociatedStackCount: n/a
***********************************************************************
8 entries selected
Each IP service in the example uses the bidirectional keyword. Therefore, two rules are created for each IP service, one outbound and one inbound. When the IP filter rules are expanded in this way, the specific filter rules are distinguished from each other by a unique numeric value in the FilterNameExtension field.
Note that the last four deny rules are not explicitly coded in the IP security configuration file, but are added by the system in keeping with a default-deny policy.
For more information on displaying active filters with the ipsec command, see Displaying active filters with the ipsec command.
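The following Python example is added here and is not part of the original documentation. It parses `ipsec -f display -r detail` output, checks that each rule expanded from the bidirectional keyword has one Inbound and one Outbound half with mirrored addresses, and confirms that the generated deny-all rules exist for both directions and both address families. It assumes one `Field: value` pair per line inside each rule block, as in the display above; the function names and the abbreviated sample are constructed for illustration.

```python
import re
from collections import defaultdict

def parse_filters(text):
    """Split `ipsec -f display -r detail` output into one dict per filter rule."""
    rules, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.*?)\s*$", line)
        if not m:
            continue  # separator rows, "8 entries selected", and similar
        key, val = m.groups()
        if key == "FilterName":  # first field of every rule block
            cur = {}
            rules.append(cur)
        if cur is not None:  # skip report header fields before the first rule
            cur[key] = val
    return rules

def audit(rules):
    """Check bidirectional pairs and the deny-all rules (Action Deny, prefix 0)."""
    findings, halves = [], defaultdict(list)
    for r in rules:
        if r.get("FilterNameExtension", "n/a") != "n/a":
            halves[r["FilterName"]].append(r)
    for name, group in halves.items():
        dirs = sorted(r["Direction"] for r in group)
        a, b = group[0], group[-1]
        if dirs != ["Inbound", "Outbound"]:
            findings.append(f"{name}: expected Inbound+Outbound, got {dirs}")
        elif (a["SourceAddress"], a["DestAddress"]) != (b["DestAddress"], b["SourceAddress"]):
            findings.append(f"{name}: addresses are not mirrored between halves")
    deny_all = {(r["Direction"], r["SourceAddress"]) for r in rules
                if r["Action"] == "Deny" and r["SourceAddress"] == r["DestAddress"]
                and r.get("SourceAddressPrefix") == r.get("DestAddressPrefix") == "0"}
    findings += [f"no deny-all rule for {d} {w}" for d in ("Inbound", "Outbound")
                 for w in ("0.0.0.0", "::") if (d, w) not in deny_all]
    return findings

def deny_hits(rules):
    """FilterMatches per deny rule, for rules that matched at least one packet."""
    return {r["FilterName"]: int(r["FilterMatches"])
            for r in rules if r["Action"] == "Deny" and int(r["FilterMatches"]) > 0}

def sample_block(name, ext, action, direction, src, dst, prefix, matches):
    # Constructed sample: only the fields the audit reads, values as displayed above.
    return (f"FilterName: {name}\nFilterNameExtension: {ext}\nAction: {action}\n"
            f"Direction: {direction}\nSourceAddress: {src}\nSourceAddressPrefix: {prefix}\n"
            f"DestAddress: {dst}\nDestAddressPrefix: {prefix}\nFilterMatches: {matches}\n")

ROWS = [
    ("QuickStartRule1", "1", "Permit", "Outbound", "9.1.1.1", "9.1.1.2", "n/a", 0),
    ("QuickStartRule1", "2", "Permit", "Inbound", "9.1.1.2", "9.1.1.1", "n/a", 0),
    ("QuickStartRule2", "1", "Permit", "Outbound", "9.1.1.1", "9.1.1.2", "n/a", 0),
    ("QuickStartRule2", "2", "Permit", "Inbound", "9.1.1.2", "9.1.1.1", "n/a", 0),
    ("DenyAllRule_Generated___________Inbnd", "n/a", "Deny", "Inbound", "0.0.0.0", "0.0.0.0", "0", 34),
    ("DenyAllRule_Generated___________Outbnd", "n/a", "Deny", "Outbound", "0.0.0.0", "0.0.0.0", "0", 7),
    ("DenyAllRule_Generated__________Inbnd_v6", "n/a", "Deny", "Inbound", "::", "::", "0", 1),
    ("DenyAllRule_Generated__________Outbnd_v6", "n/a", "Deny", "Outbound", "::", "::", "0", 0),
]
HEADER = "Logging: On Predecap: Off DVIPSec: No\n"  # report header line, not part of any rule
SAMPLE = HEADER + ("*" * 71 + "\n").join(sample_block(*row) for row in ROWS) + "8 entries selected\n"

if __name__ == "__main__":
    print(audit(parse_filters(SAMPLE)), deny_hits(parse_filters(SAMPLE)))
```

A nonzero FilterMatches value on a generated deny rule, such as the 34 inbound matches in the display above, identifies traffic that none of the explicitly coded rules covered.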
To view the quick start filter rules using the pasearch command, issue the following command:
pasearch -v f
TCP/IP pasearch CS V1R12 Image Name: TCPCS
Date: 02/16/2010 Time: 10:30:47
IPSec Instance Id: 1266334122
policyRule: QuickStartRule1
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 106 ForLoadDist: False
Priority: 6 Sequence Actions: Don't Care
No. Policy Action: 1 ConditionListType: CNF
IpSecType: policyIpFilter
policyAction: permit
ActionType: IpFilter GenericFilter
Action Sequence: 0
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 0
Group Number: 0 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: 9.1.1.1
ToAddr: 9.1.1.1
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 1
Group Number: 1 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
FromAddr: 9.1.1.2
ToAddr: 9.1.1.2
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 2
Group Number: 3 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: UDP (17)
SrcPortFrom: 500 SrcPortTo: 500
DestPortFrom: 500 DestPortTo: 500
Direction: Bidirectional
RouteType: Local SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
IpFilter Action: permit
Version: 3 Status: Active
Scope: GenericFilter
ipFilterAction: Permit IpFilterLogging: No
DiscardAction: Silent
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
policyRule: QuickStartRule2
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 105 ForLoadDist: False
Priority: 5 Sequence Actions: Don't Care
No. Policy Action: 2 ConditionListType: CNF
IpSecType: policyIpFilter
policyAction: ipsec
ActionType: IpFilter GenericFilter
Action Sequence: 0
policyAction: TransportMode
ActionType: IpFilter DynamicVpn
Action Sequence: 0
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 0
Group Number: 0 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: 9.1.1.1
ToAddr: 9.1.1.1
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 1
Group Number: 1 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
FromAddr: 9.1.1.2
ToAddr: 9.1.1.2
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
Condition Work Level: 2
Group Number: 3 Cond Count: 2
Ignore: No
IpSec Condition Work Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: 0
Direction: 0
RouteType: 0 SecurityClass: 0
FragmentsOnly: No
IpSec Condition Work: NegativeIndicator: Off
IpFilter Condition:
Source Address:
Destination Address:
Service Condition:
Protocol: All
Direction: Bidirectional
RouteType: Local SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
IpFilter Action: ipsec
Version: 3 Status: Active
Scope: GenericFilter
ipFilterAction: IPSec IpFilterLogging: Yes Logdeny
DiscardAction: Silent
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
IpFilter Action: TransportMode
Version: 3 Status: Active
Scope: DynamicVpn
Initiation: Either VpnLife: 1440
AcceptablePfs: None
InitiateWithPfs: None IpDataOfferNum: 1
PassthroughDSCP: Yes PassthroughDF: Yes
HowToEncapIKEv2: Either
IPDataOffer: 0
HowToEncap: Transport
HowToEncrypt: DES KeyLength: N/A
HowToAuth: ESP HowToAuthAlgr: HMAC_MD5
RefLifeTmPropose: 240
RefLifeTmAcptMin: 120 RefLifeTmAcptMax: 480
RefLifeSzPropose: None
RefLifeSzAccept : None
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
policyRule: DenyAllRule_Generated___________Inbnd
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 104 ForLoadDist: False
Priority: 4 Sequence Actions: Don't Care
No. Policy Action: 0
IpSecType: policyIpFilter
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: All4
ToAddr: All4
Destination Address:
FromAddr: All4
ToAddr: All4
Service Condition:
Protocol: All
Direction: Inbound
RouteType: Either SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
policyRule: DenyAllRule_Generated___________Outbnd
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 103 ForLoadDist: False
Priority: 3 Sequence Actions: Don't Care
No. Policy Action: 0
IpSecType: policyIpFilter
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: All4
ToAddr: All4
Destination Address:
FromAddr: All4
ToAddr: All4
Service Condition:
Protocol: All
Direction: Outbound
RouteType: Either SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
policyRule: DenyAllRule_Generated__________Inbnd_v6
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 102 ForLoadDist: False
Priority: 2 Sequence Actions: Don't Care
No. Policy Action: 0
IpSecType: policyIpFilter
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: All6
ToAddr: All6
Destination Address:
FromAddr: All6
ToAddr: All6
Service Condition:
Protocol: All
Direction: Inbound
RouteType: Either SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
policyRule: DenyAllRule_Generated__________Outbnd_v6
Rule Type: IpFilter
Version: 3 Status: Active
Weight: 101 ForLoadDist: False
Priority: 1 Sequence Actions: Don't Care
No. Policy Action: 0
IpSecType: policyIpFilter
Time Periods:
Day of Month Mask:
First to Last: 1111111111111111111111111111111
Last to First: 1111111111111111111111111111111
Month of Yr Mask: 111111111111
Day of Week Mask: 1111111 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 24:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
IpFilter Condition:
Source Address:
FromAddr: All6
ToAddr: All6
Destination Address:
FromAddr: All6
ToAddr: All6
Service Condition:
Protocol: All
Direction: Outbound
RouteType: Either SecurityClass: 0
FragmentsOnly: No
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
For more information on displaying filter rules with the pasearch command, see Displaying filter rules with the pasearch command.
To display the key exchange rules and actions for the quick start IP security policy, issue the following command:
pasearch -v k
TCP/IP pasearch CS V1R12 Image Name: TCPCS
Date: 02/16/2010 Time: 10:31:07
IPSec Instance Id: 1266334122
policyRule: QuickStart_KeyExRule
Rule Type: KeyExchange
Version: 3 Status: Active
Weight: 101 ForLoadDist: False
Priority: 1 Sequence Actions: Don't Care
No. Policy Action: 1
IpSecType: policyKeyExchange
policyAction: QuickStart_KeyExAction
ActionType: KeyExchange
Action Sequence: 0
Time Periods:
Day of Month Mask: 0000000000000000000000000000000
Month of Yr Mask: 000000000000
Day of Week Mask: 0000000 (Sunday - Saturday)
Start Date Time: None
End Date Time: None
Fr TimeOfDay: 00:00 To TimeOfDay: 00:00
Fr TimeOfDay UTC: 00:00 To TimeOfDay UTC: 00:00
TimeZone: Local
IpSec Condition Summary: NegativeIndicator: Off
KeyExchange Condition:
LocalSecurityEndPoint:
Location:
FromAddr: 9.1.1.1
ToAddr: 9.1.1.1
Identity:
IpAddr:
FromAddr: 9.1.1.1
ToAddr: 9.1.1.1
RemoteSecurityEndPoint:
Location:
FromAddr: 9.1.1.2
ToAddr: 9.1.1.2
Identity:
IpAddr:
FromAddr: 9.1.1.2
ToAddr: 9.1.1.2
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
KeyExchange Action: QuickStart_KeyExAction
Version: 3 Status: Active
HowToInitiate: Main HowToRespondIKEv1: Either
AllowNat: No FilterByIdentity: No
HowToAuthMe: DigitalSignature ReauthInterval: 0
BypassIpValidation: No CertURLLookupPref: Tolerate
RevocationChecking: Loose
KeyExchangeOffer: 0
HowToEncrypt: DES KeyLength: N/A
HowToAuthPeers: PresharedKey DHGroup: Group1
HowToAuthMsgs: MD5
HowToVerifyMsgs: HMAC_SHA1_96 PseudoRandomFunc: HMAC_SHA1
RefLifeTmPropose: 480
RefLifeTmAcptMin: 240 RefLifeTmAcptMax: 1440
RefLifeSzPropose: None
RefLifeSzAccept : None
Policy created: Tue Feb 16 10:28:42 2010
Policy updated: Tue Feb 16 10:28:42 2010
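The following Python example is added here and is not part of the original documentation. It scans `pasearch -v f` and `pasearch -v k` output and reports, per action, the offer fields that carry legacy algorithm choices (DES, MD5-based authentication, Diffie-Hellman Group1), all of which appear in the quick start displays above. The `LEGACY` table is an assumption of this example and is limited to values visible on this page; the function name and the excerpt are constructed for illustration.

```python
import re

# Assumption of this example: field values from the displays above that are
# legacy algorithm choices. Extend it only with values your release documents.
LEGACY = {
    "HowToEncrypt": {"DES"},
    "HowToAuthAlgr": {"HMAC_MD5"},
    "HowToAuthMsgs": {"MD5"},
    "DHGroup": {"Group1"},
}
# "IpFilter Action: <name>" or "KeyExchange Action: <name>" opens an action section.
ACTION_RE = re.compile(r"\b(IpFilter|KeyExchange) Action:\s*(\S+)")
# pasearch prints several "Field: value" pairs per line, so search within the line.
FIELD_RE = re.compile(r"\b(" + "|".join(LEGACY) + r"):\s*(\S+)")

def legacy_offers(pasearch_text):
    """Return (action kind, action name, field, value) for each legacy setting."""
    findings, kind, name = [], None, None
    for line in pasearch_text.splitlines():
        m = ACTION_RE.search(line)
        if m:
            kind, name = m.groups()
            continue
        for field, value in FIELD_RE.findall(line):
            if value in LEGACY[field]:
                findings.append((kind, name, field, value))
    return findings

# Constructed excerpt: lines copied from the pasearch -v f and -v k displays above.
SAMPLE = """\
IpFilter Action: TransportMode
Scope: DynamicVpn
HowToEncap: Transport
HowToEncrypt: DES KeyLength: N/A
HowToAuth: ESP HowToAuthAlgr: HMAC_MD5
KeyExchange Action: QuickStart_KeyExAction
HowToAuthMe: DigitalSignature ReauthInterval: 0
HowToEncrypt: DES KeyLength: N/A
HowToAuthPeers: PresharedKey DHGroup: Group1
HowToAuthMsgs: MD5
HowToVerifyMsgs: HMAC_SHA1_96 PseudoRandomFunc: HMAC_SHA1
"""

if __name__ == "__main__":
    for kind, name, field, value in legacy_offers(SAMPLE):
        print(f"{kind} action {name}: {field}={value}")
```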