General data management tunnel example
This example shows how the AIX system handles an incoming phase 2 (Data Management) proposal for which it has no matching Data Management tunnel definition.
An initiator sends the following to the AIX system
in a phase 2 (Data Management) message:
local ID type: IPV4_Address
local ID: 192.168.100.104
remote ID type: IPV4_Subnet
remote ID: 10.10.10.2
remote netmask: 255.255.255.192
The AIX system does not have a Data Management tunnel whose IDs match this proposal. It does, however, have a default IPSecProtection configured through the following attributes:
IKE_IPSecDefaultProtectionRef="_defIPSprot_protection4"
IKE_IPSecDefaultAllowedTypes="Local_IPV4_Address
Remote_IPV4_Address
Remote_IPV4_Subnet
Remote_IPV4_Address_Range"
The local ID type of the incoming message, IPV4_Address, matches one of the Local_ values of the allowed types, Local_IPV4_Address. The remote ID type of the message, IPV4_Subnet, likewise matches the value Remote_IPV4_Subnet. Because both the local and the remote ID type are allowed, the Data Management tunnel negotiation proceeds with _defIPSprot_protection4 as the IPSecProtection. If either ID type were absent from the allowed list (for example a local ID type of IPV4_Subnet, since only Local_IPV4_Address is listed), the default protection would not be applied and no tunnel would be negotiated from it.
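The matching rule above, written out as an added illustration (this is not AIX code and does not model the ikedb configuration format; the function and field names are assumptions chosen for the example). It parses the IKE_IPSecDefaultAllowedTypes value quoted in the text, checks the proposal's local and remote ID types against the Local_ and Remote_ entries, and also normalises the remote subnet ID/netmask pair so that the host address 10.10.10.2 with mask 255.255.255.192 is recognised as the 10.10.10.0/26 network.

```python
"""Default IPSecProtection selection for a phase 2 (Data Management) proposal.

Added example modelled on the rule described in the text; not AIX code.
Assumed names: parse_allowed_types, select_default_protection, phase2_subnet.
"""
import ipaddress

# Constructed to mirror the attributes quoted in the text.
DEFAULT_PROTECTION_REF = "_defIPSprot_protection4"
DEFAULT_ALLOWED_TYPES = """Local_IPV4_Address
Remote_IPV4_Address
Remote_IPV4_Subnet
Remote_IPV4_Address_Range"""

LOCAL_PREFIX = "Local_"
REMOTE_PREFIX = "Remote_"


def parse_allowed_types(value):
    """Split the whitespace-separated allowed-types string into the set of
    ID types permitted for the local side and the set permitted for the
    remote side. Any token without a Local_/Remote_ prefix is a config error."""
    local, remote = set(), set()
    for token in value.split():
        if token.startswith(LOCAL_PREFIX):
            local.add(token[len(LOCAL_PREFIX):])
        elif token.startswith(REMOTE_PREFIX):
            remote.add(token[len(REMOTE_PREFIX):])
        else:
            raise ValueError(f"unrecognised allowed-type token: {token!r}")
    return local, remote


def select_default_protection(local_id_type, remote_id_type,
                              allowed_types=DEFAULT_ALLOWED_TYPES,
                              protection_ref=DEFAULT_PROTECTION_REF):
    """Return the default IPSecProtection reference when BOTH the proposal's
    local ID type and remote ID type are allowed, else None (no tunnel is
    negotiated from the default in that case)."""
    local_allowed, remote_allowed = parse_allowed_types(allowed_types)
    if local_id_type in local_allowed and remote_id_type in remote_allowed:
        return protection_ref
    return None


def phase2_subnet(remote_id, netmask):
    """Normalise an IPV4_Subnet ID carried as address + netmask to the network
    it denotes. strict=False lets a host address such as 10.10.10.2 stand for
    its containing network rather than raising."""
    return ipaddress.ip_network(f"{remote_id}/{netmask}", strict=False)


if __name__ == "__main__":
    # The proposal from the text: local IPV4_Address, remote IPV4_Subnet.
    chosen = select_default_protection("IPV4_Address", "IPV4_Subnet")
    print("protection:", chosen)
    print("remote network:", phase2_subnet("10.10.10.2", "255.255.255.192"))
    # A proposal whose local side is a subnet is rejected: Local_IPV4_Subnet
    # is not in the allowed list.
    print("subnet-to-subnet:", select_default_protection("IPV4_Subnet", "IPV4_Subnet"))
```

The check is deliberately symmetric in form but not in content: the allowed list in the example permits three remote ID types but only one local ID type, so a subnet-to-subnet proposal fails on the local side even though its remote side would pass.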
The /usr/samples/ipsec/default_p2_policy.xml file is a complete XML file defining a generic IPSecProtection of this kind and can be used as a starting point.