ipsec command

Display and modify IP security information on the local host:

>>---ipsec----| Primary Option |--| Global Option |------------><

Primary Option

|--+- -f-| IP Filter Option |--| Stackname Option |--------------+--|
   +- -F-| Defensive Filter Option |--| Target Option |----------+   
   +- -m-| Manual Tunnel Option |--| Stackname Option |----------+   
   +- -k-| IKE Tunnel Option |--| Stackname Option |-------------+   
   +- -y-| Dynamic Tunnel Option |--| Stackname Option |---------+   
   +- -i-| Interface Option |--| Stackname Option |--------------+   
   +- -t-| IP Traffic Test Option |--| Stackname Option |--------+   
   +- -o-| NATT Port Translation Option |--| Stackname Option |--+   
   +- -w-| IKED Network Security Option |------------------------+   
   +- -x-| Network Security Server Option |-+------------------+-+   
   |                                        '- -z nsclientname-' |   
   '- -?---------------------------------------------------------'   

Global Option

        .- 3----------.   
|-- -d--+-------------+-----------------------------------------|
        '- debuglevel-'   

Stackname Option

|--+- -p stackname----+-----------------------------------------|
   '- -z nsclientname-'   

Target Option

|--+- -p stackname-+--------------------------------------------|
   '- -G-----------'   

IP Filter Option

              .- -r detail------.  .- -c current------.                     
|--+-display--+-----------------+--+------------------+--| Filter Sel |-+--|
   |          '- -r--+-short--+-'  '- -c--+-current-+-'                 |   
   |                 +-detail-+           +-policy--+                   |   
   |                 '-wide---'           '-profile-'                   |   
   +-default------------------------------------------------------------+   
   '-reload-------------------------------------------------------------'   

Filter Selection

|--+------------------------------+--+-----+--------------------|
   |      .---------.             |  '- -h-'   
   |      V         |             |            
   +- -a----+-Ynn-+-+-------------+            
   |        '-Mnn-'               |            
   |      .------------------.    |            
   |      V                  |    |            
   +- -n----IpFilterRuleName-+----+            
   |      .---------------------. |            
   |      V                     | |            
   +- -N----DefensiveFilterName-+-+            
   |      .-------------------.   |            
   |      V                   |   |            
   '- -g----IpFilterGroupName-+---'            

Defensive Filter Option

              .- -r detail------.                                           
|--+-display--+-----------------+--+------------------------------+-----+--|
   |          '- -r--+-short--+-'  |      .---------------------. |     |   
   |                 +-detail-+    |      V                     | |     |   
   |                 '-wide---'    '- -N----DefensiveFilterName-+-'     |   
   +-add--| Defensive Filter Spec |-- -N--DefensiveFilterName-----------+   
   +-update--| Defensive Filter Update Spec |-- -N--DefensiveFilterName-+   
   '-delete-- -N--+-all---------------------+---------------------------'   
                  | .---------------------. |                               
                  | V                     | |                               
                  '---DefensiveFilterName-+-'                               

Defensive Filter Specification

   .-srcip--all------------------------.  .-destip--all------------------------.   
|--+-----------------------------------+--+------------------------------------+-->
   '-srcip--+-ipaddress--------------+-'  '-destip--+-ipaddress--------------+-'   
            +-ipaddress/prefixLength-+              +-ipaddress/prefixLength-+     
            '-all--------------------'              '-all--------------------'     

   .-prot--all-----------------------------------.   
>--+---------------------------------------------+-------------->
   '-prot--+-+-tcp-+--| PortSpecification |----+-'   
           | '-6---'                           |     
           +-+-udp-+--| PortSpecification |----+     
           | '-17--'                           |     
           +-+-icmp-+--| IcmpSpecification |---+     
           | '-1----'                          |     
           +-+-icmpv6-+--| IcmpSpecification |-+     
           | '-58-----'                        |     
           +-igmp------------------------------+     
           +-ospf------------------------------+     
           +-opaque----------------------------+     
           +-n---------------------------------+     
           '-all-------------------------------'     

   .-dir--inbound------.   
>--+-------------------+---------------------------------------->
   '-dir--+-outbound-+-'   
          '-inbound--'     

   .-routing--local---------------------------------.   
>--+------------------------------------------------+----------->
   '-routing--+-local-----------------------------+-'   
              +-routed--| FragmentSpecification |-+     
              '-either----------------------------'     

   .-mode--block--------.  .-log--yes-----.   
>--+--------------------+--+--------------+--------------------->
   '-mode--+-block----+-'  '-log--+-yes-+-'   
           '-simulate-'           '-no--'     

   .-loglimit--value_of_DMD_configuration_DefaultLogLimit_parameter-.   
>--+----------------------------------------------------------------+-->
   '-loglimit--+-0-+------------------------------------------------'   
               '-n-'                                                    

   .-lifetime--30-------.   
>--+--------------------+---------------------------------------|
   '-lifetime--lifetime-'   

PortSpecification

   .-srcport--all------.  .-destport--all------.   
|--+-------------------+--+--------------------+----------------|
   '-srcport--+-n----+-'  '-destport--+-n----+-'   
              +-n--m-+                +-n--m-+     
              '-all--'                '-all--'     

IcmpSpecification

   .-type--all-----.  .-code--all-----.   
|--+---------------+--+---------------+-------------------------|
   '-type--+-n---+-'  '-code--+-n---+-'   
           '-all-'            '-all-'     

FragmentSpecification

   .-fragmentsonly--no------.   
|--+------------------------+-----------------------------------|
   '-fragmentsonly--+-no--+-'   
                    '-yes-'     

Defensive Filter Update Specification

|--+--------------------+--+--------------------+--+--------------+--+-----------------+--|
   '-mode--+-block----+-'  '-lifetime--lifetime-'  '-log--+-yes-+-'  '-loglimit--+-0-+-'   
           '-simulate-'                                   '-no--'                '-n-'     
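
The following is an added example, not part of the original reference page: a shell function that assembles (but does not run) an `ipsec -F add` command line in the keyword order of the Defensive Filter Specification diagram, checking the keyword values first. The function name, the filter and stack names, and the address are constructed for illustration, and only a subset of the diagram (srcip, prot tcp/udp/all with a single destport, mode, lifetime, and the Target Option) is handled.

```shell
# Added example (not from the original page): assemble, but do not run, an
# "ipsec -F add" command following the Defensive Filter Specification diagram.
# Args: NAME SRCIP PROT DESTPORT MODE LIFETIME TARGET
#   TARGET is a stack name for "-p stackname", or the letter G for "-G".
build_defensive_filter() {
    name=$1; srcip=$2; prot=$3; destport=$4; mode=$5; lifetime=$6; target=$7

    # add requires -N DefensiveFilterName
    case $name in
        ''|*[[:space:]]*) echo "missing or malformed filter name" >&2; return 1 ;;
    esac
    # srcip: all, ipaddress, or ipaddress/prefixLength (character check only)
    case $srcip in
        all) ;;
        ''|*[!0-9A-Fa-f.:/]*) echo "bad srcip: $srcip" >&2; return 1 ;;
    esac
    # prot tcp/udp carry a PortSpecification; only "destport n" or "all" is handled
    case $prot in
        tcp|udp)
            case $destport in
                all) ;;
                ''|*[!0-9]*) echo "bad destport: $destport" >&2; return 1 ;;
            esac
            protspec="prot $prot destport $destport" ;;
        all) protspec="prot all" ;;
        *) echo "example handles prot tcp, udp or all only" >&2; return 1 ;;
    esac
    case $mode in
        block|simulate) ;;
        *) echo "mode must be block or simulate" >&2; return 1 ;;
    esac
    case $lifetime in
        ''|*[!0-9]*) echo "lifetime must be numeric" >&2; return 1 ;;
    esac
    # Target Option: -p stackname or -G
    case $target in
        G) targetopt="-G" ;;
        ''|*[[:space:]]*) echo "bad target" >&2; return 1 ;;
        *) targetopt="-p $target" ;;
    esac
    # Keyword order follows the diagram: srcip, prot, dir, mode, lifetime, -N, target
    printf 'ipsec -F add srcip %s %s dir inbound mode %s lifetime %s -N %s %s\n' \
        "$srcip" "$protspec" "$mode" "$lifetime" "$name" "$targetopt"
}

# Constructed sample values (documentation address, hypothetical names)
build_defensive_filter BlockProbe1 192.0.2.10/32 tcp 22 simulate 30 TCPCS
```

Keywords left out of the generated command (destip, routing, log, loglimit) take the defaults shown above the main line of the diagram.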

Manual Tunnel Option

              .- -r detail------.                         
|--+-display--+-----------------+--| Man Tunnel Sel |-+---------|
   |          '- -r--+-short--+-'                     |   
   |                 +-detail-+                       |   
   |                 '-wide---'                       |   
   +-activate--| Man Tunnel Sel |---------------------+   
   '-deactivate--+-| Man Tunnel Sel |-+---------------'   
                 '- -a all------------'                   

Man Tunnel Selection

          .-,---.                    
          V     |                    
|--+- -a----Mnn-+----------------+------------------------------|
   |      .-,------------------. |   
   |      V                    | |   
   '- -n----IpManVpnActionName-+-'   

IKE Tunnel Option

              .- -r detail------.  .- -c current------.                                  
|--+-display--+-----------------+--+------------------+--| IKE Tunnel Sel |--+-----+-+--|
   |          '- -r--+-short--+-'  '- -c--+-current-+-'                      '- -e-' |   
   |                 +-detail-+           '-all-----'                                |   
   |                 '-wide---'                                                      |   
   +-deactivate--+-| IKE Tunnel Sel2 |-+---------------------------------------------+   
   |             '- -a - all-----------'                                             |   
   '-refresh--| IKE Tunnel Sel2 |----------------------------------------------------'   

IKE Tunnel Selection

          .-,---.                     
          V     |                     
|--+- -a----Knn-+-----------------+-----------------------------|
   |      .-,-------------------. |   
   |      V                     | |   
   '- -n----KeyExchangeRuleName-+-'   

IKE Tunnel Selection2

          .-,---.     
          V     |     
|---- -a----Knn-+-----------------------------------------------|

Dynamic Tunnel Option

              .- -r detail------.  .- -c current------.                                  
|--+-display--+-----------------+--+------------------+--+-------------------------+-+--|
   |          '- -r--+-short--+-'  '- -c--+-current-+-'  +- -b--| Dyn Tunnel Sel |-+ |   
   |                 +-detail-+           '-all-----'    '- -s---------------------' |   
   |                 '-wide---'                                                      |   
   |             .-,-------------------.                                             |   
   |             V                     |                                             |   
   +-activate -l---LocalDynVpnRuleName-+---------------------------------------------+   
   +-deactivate--+-| Dyn Tunnel Sel2 |-+---------------------------------------------+   
   |             '- -a all-------------'                                             |   
   '-refresh--| Dyn Tunnel Sel2 |----------------------------------------------------'   

Dyn Tunnel Selection

          .-,-------.                 
          V         |                 
|--+- -a -----Ynn---+-------------+-----------------------------|
   |      .-,------------------.  |   
   |      V                    |  |   
   +- -n ---IpDynVpnActionName-+--+   
   |      .-,-------------------. |   
   |      V                     | |   
   '- -l ---LocalDynVpnRuleName-+-'   

Dyn Tunnel Selection2

          .-,-------.                 
          V         |                 
|--+- -a -----Ynn---+-------------+-----------------------------|
   |      .-,-------------------. |   
   |      V                     | |   
   '- -l ---LocalDynVpnRuleName-+-'   

Interface Option

             .- -r detail------.   
|-- display--+-----------------+--------------------------------|
             '- -r--+-short--+-'   
                    +-detail-+     
                    '-wide---'     

IP Traffic Test Option

                                                    .-out--------------.  .- -r detail------.   
|--SrcIpAddr--DestIpAddr--+-tcp SrcPort DestPort-+--+------------------+--+-----------------+--|
                          +-udp SrcPort DestPort-+  +-in SecurityClass-+  '- -r--+-short--+-'   
                          +-icmp-----------------+  '-out--------------'         +-detail-+     
                          +-icmpv6---------------+                               '-wide---'     
                          +-igmp-----------------+                                              
                          +-ipip-----------------+                                              
                          +-ah-------------------+                                              
                          +-esp------------------+                                              
                          +-ospf-----------------+                                              
                          '-n--------------------'                                              

NATT Port Translation Option

            .- -r detail------.                                             
|--display--+-----------------+--+----------------+--+------------------+--|
            '- -r -+-short--+-'  '- -q -rmtIpAddr-'  |      .-,-------. |   
                   +-detail-+                        |      V         | |   
                   '-wide---'                        '- -u ---rmtPort-+-'   

IKED Network Security Option

            .- -r detail------.   
|--display--+-----------------+---------------------------------|
            '- -r -+-short--+-'   
                   +-detail-+     
                   '-wide---'     

Network Security Server Option

            .- -r detail------.   
|--display--+-----------------+---------------------------------|
            '- -r -+-short--+-'   
                   +-detail-+     
                   '-wide---'