You must select from a number of security policy options when you create a security policy on your storage system and on any Windows client served by the storage system.
| Parameter | Options | Description |
|---|---|---|
| source and destination address | -s and -t | Required. Addresses can have any of the following forms: |
| security protocol | -p | Required. Must be either Authentication Header (AH) or Encapsulated Security Payload (ESP) |
| encryption | -e | Optional. If the ESP protocol is selected, DES, triple DES, or no encryption can be specified. If this option is not specified, the best algorithm will be selected based on the peer capabilities. |
| authentication | -a | Required for AH protocol, optional for ESP protocol. SHA-1, MD5, or no authentication can be specified. |
| direction | -d | Required. Specifies an inbound or outbound connection relative to your storage system. By default, a mirrored policy (with the same parameters, except direction) is created unless mirroring is turned off. |
| protocol | -f | Optional. Specifies an upper-layer protocol by number. |
| permission level | -l | Optional. Traffic can be restricted or permitted if a valid SA is not available. |
| index | -i | Specifies an index in the Security Policy Database. The index is obtained by the ipsec policy show command. |