Index |
A unique index identifying this entry. |
NextIndex |
This object specifies the index of the next traffic entry in the hierarchy. |
Description |
An optional human-readable description for this traffic entry. |
LocalAddress |
The source IP address of this traffic entry. It may be either a single address, a network address (in combination with ipsecTrSrcMask), or the first address of an address range (in combination with ipsecTrLocalRange). |
LocalMaskLen |
The length of the network mask for a source network. |
LocalRange |
The last address of a source address range. If this field is nonzero, the ipsecTrLocalMaskLen field is ignored and the source is considered as a range of addresses beginning with ipsecTrLocalAddress and ending with ipsecTrLocalRange. |
RemoteAddress |
The destination IP address of this traffic entry. It may be either a single address, a network address (in combination with ipsecTrDstMask), or the first address of an address range (in combination with ipsecTrRemoteRange). |
RemoteMaskLen |
The length of the network mask for a destination network. |
RemoteRange |
The last address of a destination address range. If this field is nonzero, the ipsecTrRemoteMaskLen field is ignored and the destination is considered as a range of addresses beginning with ipsecTrRemoteAddress and ending with ipsecTrRemoteRange. |
Proto |
The transport protocol defined for this entry. |
LocalPort |
The source port defined for this traffic entry. |
RemotePort |
The destination port defined for this traffic entry. |
Action |
The action to be applied to traffic matching this entry. Possible values: delete(1): delete this entry; always-plain(2): forward the packets without protection even if there is a matching SA and independent of the position of the traffic entry in the list; pass(3): forward the packets without protection; protect(4): protect the traffic as specified in the proposal and drop unprotected traffic of this kind; drop(5): drop all packets matching this traffic entry. |
Proposal |
This object specifies an index in the ipsecProposalTable. This may be the first of possibly several, optionally nested proposals to be offered with IKE (automatic keying), or a manual proposal (manual keying). |
ForceTunnelMode |
This object specifies the strategy when transport mode is used. By default, the system always uses transport mode if possible. If this variable is set to true, tunnel mode is always used for this traffic entry, even if the source and destination addresses match the tunnel endpoints. Possible values: true(1): use tunnel mode even if transport mode is possible; false(2): use transport mode whenever possible. |
LifeTime |
This object specifies an index in the ipsecLifeTimeTable. This lifetime overwrites the lifetimes specified for all proposals referenced by this traffic entry. It may itself be overwritten by an explicit lifetime specified for the peer entry referencing this traffic entry. If the lifetime pointed to by this index does not exist or is inappropriate, the default lifetime from the ipsecGlobalsTable is used. |
Granularity |
This object specifies the granularity with which SAs must be created for this kind of traffic. Possible values: default(1): use the setting from the ipsecPeerTable; coarse(2): create only one SA for each traffic entry; ip(3): create one SA for each host; proto(4): create one SA for each protocol and host; port(5): create one SA for each port and host. |
KeepAlive |
This object specifies whether SAs created for this kind of traffic should be rekeyed on expiration of soft lifetimes even if no traffic has been sent over them. Possible values: true(1): rekey SAs even if no data was transferred; false(2): do not rekey SAs if no data was transferred; default(3): use the default setting from the peer entry referencing this traffic entry. |
Interface |
This object specifies the interface for which the traffic entry should be valid (pass, drop and protect entries). If this object is set to -1, there is no interface restriction. |
Direction |
This object specifies the direction for which this traffic entry should match. It applies only to pass and drop entries; for protect entries it is meaningless. Possible values: bidirectional(1): matches packets from remote to local and vice versa; inbound(2): matches only packets from remote to local; outbound(3): matches only packets from local to remote. |
LocalAddressType |
The type of the local address specification. This may be either a statically configured address or a dynamic address which is taken from some state information. |
RemoteAddressType |
The type of the remote address specification. This may be either a statically configured address or a dynamic address which is taken from some state information. |
Profile |
The index from the ipsecProfileTable containing a special phase 2 profile to use for this traffic entry. |
Creator |
This object shows the creator of the traffic entry. |
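
The address and Action semantics described in the table, as an added Python sketch for reviewing a rule list offline; it is not code from the device or its vendor. Assumptions: IPv4 only, a range of `0.0.0.0` means "not set", the list order stands for the NextIndex chain with the first match winning, and Proto, ports, Interface and Direction are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ZERO = ipaddress.IPv4Address("0.0.0.0")  # assumed "range not set" value

@dataclass
class TrafficEntry:          # hypothetical model of a subset of the fields
    local_addr: str
    local_masklen: int
    local_range: str
    remote_addr: str
    remote_masklen: int
    remote_range: str
    action: str              # "always-plain", "pass", "protect" or "drop"

def side_matches(ip, addr, masklen, range_end):
    """Match one side (local or remote) of a traffic entry."""
    ip = ipaddress.IPv4Address(ip)
    last = ipaddress.IPv4Address(range_end)
    if last != ZERO:
        # Nonzero range: the mask length is ignored, addr is the first address.
        return ipaddress.IPv4Address(addr) <= ip <= last
    return ip in ipaddress.ip_network(f"{addr}/{masklen}", strict=False)

def classify(entries, local_ip, remote_ip):
    """Return the action applied to a local/remote address pair, or None."""
    hits = [e for e in entries
            if side_matches(local_ip, e.local_addr, e.local_masklen, e.local_range)
            and side_matches(remote_ip, e.remote_addr, e.remote_masklen, e.remote_range)]
    # always-plain applies independent of the entry's position in the list.
    if any(e.action == "always-plain" for e in hits):
        return "always-plain"
    return hits[0].action if hits else None   # assumed: first match wins

# Constructed sample rule list (addresses are illustrative only).
ENTRIES = [
    TrafficEntry("10.1.0.0", 16, "0.0.0.0", "10.2.0.0", 16, "0.0.0.0", "protect"),
    # Mask length 8 is ignored here because a range end is configured.
    TrafficEntry("10.1.0.10", 8, "10.1.0.20", "10.2.0.53", 32, "0.0.0.0", "always-plain"),
    TrafficEntry("0.0.0.0", 0, "0.0.0.0", "0.0.0.0", 0, "0.0.0.0", "drop"),
]

if __name__ == "__main__":
    for local in ("10.1.0.15", "10.1.0.30", "192.0.2.1"):
        print(local, "->", classify(ENTRIES, local, "10.2.0.53"))
```

Running a rule list through such a check before deployment shows which address pairs would leave unprotected because of an always-plain entry placed below a protect entry.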