Data management parameters and policy

The data management proposal parameters are set during phase 1 of an IKE tunnel configuration. They are the same IP Security parameters used in manual tunnels and describe the type of protection to be used for protecting data traffic in the tunnel. You can start more than one phase 2 tunnel under the same phase 1 tunnel.

The following endpoint ID types describe the type of data that uses the IP Security Data tunnel:
Host, Subnet, or Range
Describes whether the data traffic traveling in the tunnel will be for a particular host, subnet, or address range.
Host/Subnet ID
Contains the host or subnet identity of the local and remote systems passing traffic over this tunnel. Determines the IDs sent in the phase 2 negotiation and the filter rules that will be built if the negotiation is successful.
Subnet mask
Describes all IP addresses within the subnet (for example, host 9.53.250.96 and mask 255.255.255.0).
Starting IP Address Range
Provides the starting IP address for the range of addresses that will be using the tunnel (for example, 9.53.250.96 in the range 9.53.250.96 to 9.53.250.93).
Ending IP Address Range
Provides the ending IP address for the range of addresses that will be using the tunnel (for example, 9.53.250.93 in the range 9.53.250.96 to 9.53.250.93).
Port
Describes data using a specific port number (for example, 21 or 23).
Protocol
Describes data being transported with a specific protocol (for example, TCP or UDP). Determines the protocol sent in the phase 2 negotiation and the filter rules that will be built if the negotiation is successful. The protocol for the local endpoint must match the protocol for the remote endpoint.
End Port
Describes the end port for the data transmission (for example, 100 or 500). By default, 65355 is the end port.
Restriction: For IKEv2, only use IPv4 or IPv6 address ranges as traffic selectors. End Port is applicable only for IKEv2 and AIX 6.1 TL 04, or later.
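
The endpoint ID fields above together decide which packets the resulting filter rules protect. The following sketch is an added example, not AIX code or its configuration format: it models the three ID types plus protocol, port and end port, and checks whether a packet falls inside both ends of a tunnel definition. The names EndpointID and tunnel_covers, the "any" protocol and port 0 wildcards, and the remote host address are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class EndpointID:
    """One end of a phase 2 tunnel (hypothetical model, not the AIX format)."""
    id_type: str           # "host", "subnet" or "range"
    address: str           # host/subnet ID, or starting IP address of a range
    mask_or_end: str = ""  # subnet mask, or ending IP address of a range
    protocol: str = "any"  # "tcp", "udp", ... ("any" wildcard is an assumption)
    port: int = 0          # 0 means any port (assumption)
    end_port: int = 0      # 0 means no End Port given: match `port` only

    def covers(self, ip: str, protocol: str, port: int) -> bool:
        addr = ipaddress.ip_address(ip)
        if self.id_type == "host":
            ip_ok = addr == ipaddress.ip_address(self.address)
        elif self.id_type == "subnet":
            # strict=False lets a host address plus mask name its subnet
            net = ipaddress.ip_network(f"{self.address}/{self.mask_or_end}", strict=False)
            ip_ok = addr in net
        elif self.id_type == "range":
            first = ipaddress.ip_address(self.address)
            last = ipaddress.ip_address(self.mask_or_end)
            ip_ok = first <= addr <= last
        else:
            raise ValueError(f"unknown endpoint ID type: {self.id_type}")
        proto_ok = self.protocol in ("any", protocol)
        port_ok = self.port == 0 or self.port <= port <= (self.end_port or self.port)
        return ip_ok and proto_ok and port_ok

def tunnel_covers(local, remote, src, dst, protocol, sport, dport) -> bool:
    """True if a packet falls inside both endpoint IDs of the tunnel."""
    if local.protocol != remote.protocol:
        raise ValueError("local and remote endpoint protocols must match")
    return local.covers(src, protocol, sport) and remote.covers(dst, protocol, dport)

# Constructed sample: subnet and mask from the page's example; remote host is made up.
LOCAL = EndpointID("subnet", "9.53.250.96", "255.255.255.0", protocol="tcp")
REMOTE = EndpointID("host", "9.53.251.10", protocol="tcp", port=21, end_port=100)

if __name__ == "__main__":
    for dport in (21, 100, 101):
        print(dport, tunnel_covers(LOCAL, REMOTE, "9.53.250.7", "9.53.251.10", "tcp", 40000, dport))
```

Traffic that falls outside either endpoint ID is not matched by the tunnel's filter rules, so checking a planned definition against the flows you expect to protect shows gaps before the tunnel is activated.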