IpAddr statement

Use the IpAddr statement to encapsulate a single IP address specification. It can be referenced from any statement that requires a single address specification. It can also be referenced from an IpAddrGroup statement.

Syntax

Read syntax diagramSkip visual syntax diagramIpAddr name Put Braces and Parameters on Separate Lines
Put Braces and Parameters on Separate Lines
Read syntax diagramSkip visual syntax diagram{Addripaddress}

Parameters

name
A string 1 - 32 characters in length specifying the name of this IpAddr statement.

Rule: If this IpAddr statement is not specified inline within another statement, a name value must be provided. If a name is not specified for an inline IpAddr statement, a nonpersistent system name is created.

Addr
A single IP address.
Rules for AT-TLS policies:
  • If the IP address is IPv6, it cannot be an IPv4-mapped IPv6 address (in hexadecimal or dotted decimal format) or an IPv6 address with the reserved prefix ::/96. If the IPv6 address is one of these two types, an error message is logged.
  • IPv6 policy is installed but is not enforceable in a stack that is not IPv6 enabled.
Rules for IPSec policies:
  • IPv4-mapped IPv6 addresses and IPv6 addresses with the reserved prefix ::/96 are valid only for IP filter rules and for the Identity parameter on local and remote security end points. If the IPv6 address is one of these types for any other IPSec policies, an error message is logged.
  • IPv6 policy is installed but is not enforceable in a stack that is not IPv6 enabled.
Rules for IDS policies:
  • If the IP address is an IPv6 address, it cannot be an IPv4-mapped IPv6 address (in hexadecimal or dotted decimal format) or an IPv6 address with the reserved prefix ::/96. If the IPv6 address is one of these types, an error message is logged.
  • IPv6 policy is installed but is not enforceable in a stack that is not IPv6 enabled.
Rules for Routing policies:
  • If the IP address is an IPv6 address, it cannot be an IPv4-mapped address in hexadecimal or dotted decimal format or an IP address with the reserved prefix ::/96. If the IPv6 address is one of these types, then an error message is logged.
  • IPv6 policy is installed but is not enforceable in a stack that is not IPv6 enabled.
Rules for ZERT policies:
  • If the IP address is IPv6, it cannot be an IPv4-mapped IPv6 address (in hexadecimal or dotted decimal format) or an IPv6 address with the reserved prefix ::/96. If the IPv6 address is one of these two types, an error message is logged.
  • IPv6 policy is installed but is not enforceable in a stack that is not IPv6 enabled.
Restriction:
  • This statement is not available for use with QoS policies.