Policy agent treats IP filtering rules as a series of conditions. That is, the source address is a condition. The destination address is a condition, etc. The pasearch command displays each of these conditions.
The configured source and destination address for an IP filtering rule can be a single address, a range of addresses (x.x.x.1-x.x.x.2), a subnet (x.x.0.0/16), or even a group of addresses. pasearch uses the From/To to indicate the scope of the condition. In your case you had a single source address (10.1.0.3) so the From and To both indicate that value. For a rule that has a source address range of 10.1.0.1-10.1.0.3, the FromAddr would indicate 10.1.0.1 and the ToAddr would indicate 10.1.0.3.
This topic in the IP Configuration Guide discusses IPsec policy and the concepts of conditions. https://www.ibm.com/docs/en/zos/3.1.0?topic=types-ipsec-policy
------------------------------
Joyce Anne Porter
------------------------------
Original Message:
Sent: Wed December 06, 2023 04:52 AM
From: Colin Paice
Subject: Use of pasearch
Thanks to Joyce for answering my previous question.
Im now trying to use pasearch to display an IP filtering Policy.
The output says
IpFilter Condition:
Source Address:
Destination Address:
FromAddr: 10.1.1.2
ToAddr: 10.1.1.2
But the
doc does not explain what FromAddr and ToAddr mean. I can understand FromAddr: but what is ToAddr:. The To address (source) is 10.1.0.3
Similarly with
IpFilter Condition:
Source Address:
FromAddr: 10.1.0.3
ToAddr: 10.1.0.3
Destination Address:
The from is correct 10.1.0.3 but the ToAddr: is 10.1.1.2
Please can you explain what the differences in FromAddr and ToAddr are, and when they may have different values.
Thank you
Colin