[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

System Management Guide: Communications and Networks


IP Security Reference

List of Commands


ike cmd=activate[phase=1|2] [numlist=tunnel_num_list] [remid=remote_id] [ipaddr=src_addr,dst_addr] [autostart] Starts an Internet Key Exchange (IKE) negotiation (AIX 4.3.2 and later). Flag remid is used to start phase1 or phase2 tunnel(s) from local IDto the specified remote ID. remid could be phase1 ID (such as IP address, FQDN, user@FQDN and X500DN), phase2 ID (such as IP address, subnet, and IP address range) or group ID. The , (comma) is used to delimit subnet ID/subnet mask, and starting or ending IP address. If remid is a group name, a tunnel is initiated for each group member. remid is an optional flag. It can only be used with the activate subcommand and cannot be used in conjunction with the ipaddr or numlist flags.
Examples:
  1. To activate a phase1 tunnel to remote IP address 9.3.97.100:

    ike cmd=activate phase=1 remid=9.3.97.100
    
  2. To activate a phase2 tunnel to remote subnet ID 9.3.97.100, 255.255.255.0:

    ike cmd=activate phase=2 \
    remid=9.3.97.100,255.255.255.0
    
ike cmd=remove Deactivates IKE tunnels (AIX 4.3.2 and later)
ike cmd=list Lists IKE tunnels (AIX 4.3.2 and later)
ikedb Provides the interface to the IKE tunnel database(AIX 5.1 and later)
gentun Creates a tunnel definition
mktun Activates tunnel definition(s)
chtun Changes a tunnel definition
rmtun Removes a tunnel definition
lstun Lists tunnel definition(s)
exptun Exports tunnel definition(s)
imptun Imports tunnel definition(s)
genfilt Creates a filter definition
mkfilt Activates filter definition(s)
mvfilt Moves a filter rule
chfilt Changes a filter definition
rmfilt Removes a filter definition
lsfilt Lists filter definition(s)
expfilt Exports filter definition(s)
impfilt Imports filter definition(s)
ipsec_convert Lists status of IP security
ipsecstat Lists status of IP security
ipsectrcbuf Lists the contents of IP security tracing buffer
unloadipsec Unloads a crypto module

List of Methods


defipsec Defines an instance of IP Security for IP Version 4 or IP Version 6
cfgipsec Configures and loads ipsec_v4 or ipsec_v6
ucfgipsec Unconfigures ipsec_v4 or ipsec_v6


[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]