HELP
|
cscript ICMNetworkIsolation.vbe /?
|
Displays the syntax for the command.
|
ENABLE POLICY
|
cscript ICMNetworkIsolation.vbe /enablePolicy <36+ characters PreSharedKey in double quotes> [/encrypt]
Note
|
The only unsupported character in the PresharedKey is the double quote, because that character marks the beginning and end of the key. You can enter any other character within the key.
|
For example:
cscript ICMNetworkIsolation.vbe /enablePolicy "myspecialpresharedkey123456789mnbvcx"
|
Creates a new policy or enables an existing one from the stored policy XML file.
Optionally enables encryption of the network traffic data.
Creates a new policy in the Windows IPsec policy store and adds all Boundary Devices listed in the XML file. If the XML file does not exist, then it creates a new XML file. The /encrypt option overrides the value set in the XML file.
|
Note
|
The add, remove, and delete arguments make a backup of the XML file and name it xml.lastconfig before carrying out their function.
|
|
ADD BOUNDARY
|
cscript ICMNetworkIsolation.vbe /addBoundary DNS|WINS|DHCP|GATEWAY
For example:
cscript ICMNetworkIsolation.vbe /addBoundary DNS
This example adds the DNS server to the Boundary Device list.
|
Adds to the Boundary Device list the type of device specified.
The type can be specified as DNS, WINS, DHCP, or GATEWAY.
The utility recognizes DNS, WINS, DHCP, and GATEWAY as the Domain Name System (DNS) device, the Windows Internet Name Service (WINS) device, the Dynamic Host Configuration Protocol (DHCP) device, and the default Gateway (GATEWAY) device respectively.
The Windows operating system dynamically detects a change in IP address for each of the preceding types of devices and dynamically updates the Boundary filter list accordingly.
|
cscript ICMNetworkIsolation.vbe /addAnyHostBoundary <Outbound|Inbound> <TCP|UDP> <PortNumber>
For example:
cscript ICMNetworkIsolation.vbe /addAnyHostBoundary Inbound TCP 5900
This example allows VNC access from all machines.
|
Adds to the Boundary Device list any device that matches the following criteria:
- One of the specified traffic directions (outbound or inbound).
- One of the specified protocols, Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
- The specified port.
|
cscript ICMNetworkIsolation.vbe /addIPAddrBoundary <IP address> <Outbound|Inbound> <TCP|UDP|ICMP|Any> [All|PortNumber]
For example:
cscript ICMNetworkIsolation.vbe /addIPAddrBoundary 10.86.121.160 Outbound Any
This example allows all outbound traffic to a device with the specified IP address.
|
Adds to the Boundary Device list the IP address of a device that has the following configuration:
- (required) The specified IP address.
- (required) One of the specified traffic directions (outbound or inbound).
- (required) One of the specified protocols: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), or any protocol.
- (optional) any port or a specified port if the selected protocol is TCP or UDP.
|
cscript ICMNetworkIsolation.vbe /addSubnetBoundary <StartingIP address> <Subnet Mask> <Outbound|Inbound> <TCP|UDP|ICMP|Any> [All|PortNumber]
|
Adds to the Boundary Device list the subnet that has the following configuration:
- (required) The starting IP address of the following specified range.
- (required) The specified subnet mask (a range of logical addresses within an address space).
- (required) One of the specified traffic directions (outbound or inbound).
- (required) One of the specified protocols, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), or any protocol.
- (optional) any port or a specified port if TCP or UDP is selected as the protocol.
|
REMOVE BOUNDARY
|
cscript ICMNetworkIsolation.vbe /removeBoundary DNS|WINS|DHCP|GATEWAY
For example:
cscript ICMNetworkIsolation.vbe /removeBoundary GATEWAY
|
Removes from the Boundary Device list the type of device specified.
The type can be specified as DNS, WINS, DHCP, or GATEWAY.
The utility recognizes DNS, WINS, DHCP, and GATEWAY as the Domain Name System (DNS) device, the Windows Internet Name Service (WINS) device, the Dynamic Host Configuration Protocol (DHCP) device, and the default Gateway (GATEWAY) device respectively.
Windows dynamically detects a change in IP address for each of the preceding types of devices and dynamically updates the Boundary filter list accordingly.
|
cscript ICMNetworkIsolation.vbe /removeAnyHostBoundary <Outbound|Inbound> <TCP|UDP> <PortNumber>
For example:
cscript ICMNetworkIsolation.vbe /removeAnyHostBoundary Inbound TCP 5900
|
Removes from the Boundary Device list any host device at the specified IP address that matches the following criteria:
- One of the specified traffic directions (outbound or inbound).
- One of the specified protocols (TCP or UDP).
- The specified port number for internet traffic.
|
cscript ICMNetworkIsolation.vbe /removeIPAddrBoundary <IP address> <Outbound|Inbound> <TCP|UDP|ICMP|Any> [All|PortNumber]
For example:
cscript ICMNetworkIsolation.vbe /removeIPAddrBoundary 10.86.121.160 Outbound Any
|
Removes from the Boundary Device list the device at the specified IP address that has the following configuration:
- (required) The specified IP address.
- (required) One of the specified traffic directions (outbound or inbound).
- (required) One of the specified protocols (TCP, UDP, ICMP, or any protocol).
- (optional) any port or a specified port if TCP or UDP is the specified protocol.
|
cscript ICMNetworkIsolation.vbe /removeSubnetBoundary <StartingIP address> <Subnet Mask> <Outbound|Inbound> <TCP|UDP|ICMP|Any> [All|PortNumber]
For example:
cscript ICMNetworkIsolation.vbe /removeSubnetBoundary 10.86.0.0 255.255.0.0 Inbound Any
|
Removes from the Boundary Device list all the devices at the specified IP address that have the following configuration:
- (required) The starting IP address of the following specified range.
- (required) The specified subnet mask.
- (required) One of the specified traffic directions (outbound or inbound).
- (required) One of the specified protocols (TCP, UDP, ICMP, or any protocol).
- (optional) a port or a specified port.
|
DISABLE POLICY
|
cscript ICMNetworkIsolation.vbe /disablePolicy
|
Disables the Unified ICM Network Isolation IPsec policy on the computer. However, the policy is not deleted and it can be re-enabled.
This option is helpful when troubleshooting network problems.
If you have a network connectivity problem and you do not know the cause, disable the policy to help you clarify the source of your problem. If you are still having the problem with the policy disabled, then the policy is not the cause of your problem.
|
DELETE POLICY
|
cscript ICMNetworkIsolation.vbe /deletePolicy
|
Deletes the Unified ICM Network Isolation Security policy from the Windows IPsec policy store and renames the XML file to CiscoICMIPsecConfig.xml.lastconfig.
|
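
The argument rules documented above for /enablePolicy (key length, no double quotes) and /addSubnetBoundary (separate address and mask, direction, protocol, optional port) can be checked before the command is typed. The following is an added example, not part of the original page or of the Cisco utility; the function names are hypothetical, and the script only composes the command line without invoking ICMNetworkIsolation.vbe.

```powershell
# Added example: pre-flight checks for ICMNetworkIsolation.vbe arguments.
# Function names are hypothetical; only switches documented above are used.

function Test-IcmPresharedKey {
    param([string]$Key)
    # Documented rules: 36 or more characters, and no double quotes.
    return ($Key.Length -ge 36) -and (-not $Key.Contains('"'))
}

function Test-DottedQuad {
    param([string]$Value)
    $parsed = $null
    return ($Value -match '^\d{1,3}(\.\d{1,3}){3}$') -and
           [System.Net.IPAddress]::TryParse($Value, [ref]$parsed)
}

function Test-SubnetMask {
    param([string]$Mask)
    if (-not (Test-DottedQuad $Mask)) { return $false }
    # A valid mask is a run of 1 bits followed only by 0 bits.
    $bits = -join ([System.Net.IPAddress]::Parse($Mask).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
    return $bits -match '^1+0*$'
}

function New-SubnetBoundaryCommand {
    param(
        [Parameter(Mandatory)][string]$StartIP,
        [Parameter(Mandatory)][string]$Mask,
        [Parameter(Mandatory)][ValidateSet('Outbound', 'Inbound')][string]$Direction,
        [Parameter(Mandatory)][ValidateSet('TCP', 'UDP', 'ICMP', 'Any')][string]$Protocol,
        [string]$Port   # optional: 'All' or a port number, TCP/UDP only
    )
    if (-not (Test-DottedQuad $StartIP)) { throw "Invalid starting IP address: $StartIP" }
    if (-not (Test-SubnetMask $Mask)) { throw "Invalid subnet mask: $Mask" }
    if ($Port) {
        if ($Protocol -notin 'TCP', 'UDP') { throw 'A port applies only to TCP or UDP.' }
        $isNumber = ($Port -match '^\d{1,5}$') -and ([int]$Port -ge 1) -and ([int]$Port -le 65535)
        if ($Port -ne 'All' -and -not $isNumber) { throw "Port must be All or 1-65535: $Port" }
    }
    $parts = @('cscript', 'ICMNetworkIsolation.vbe', '/addSubnetBoundary',
               $StartIP, $Mask, $Direction, $Protocol)
    if ($Port) { $parts += $Port }
    return $parts -join ' '
}

# Key and address values taken from the page's own examples.
Test-IcmPresharedKey 'myspecialpresharedkey123456789mnbvcx'
New-SubnetBoundaryCommand -StartIP '10.86.0.0' -Mask '255.255.0.0' -Direction Inbound -Protocol Any
```

An address and mask fused into one token, or a mask with non-contiguous bits, is rejected before any command line is produced.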