HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and IPSec
IPSec UDP Negotiation
Chapter 9, page 132
When TCP traffic is initiated from A to B or from B to A, IPSec on both
machines communicates through a UDP/500 connection. You must
configure IPFilter on machine A to let this traffic through. To do so, add
the following rules to your configuration:
    pass in quick proto UDP from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
    pass out quick proto UDP from 10.10.10.10 port = 500 to 15.15.15.15 port = 500
    block in proto UDP
    block out proto UDP
These rules let IPSec traffic pass correctly.
NOTE: You must configure IPFilter to pass traffic both in and out on UDP port 500 for IPSec to work properly. If IPFilter is used with IPSec requiring the NAT traversal function, UDP port 4500 must be set to pass for in and out traffic.
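The note above states that NAT traversal also needs UDP port 4500 but does not show the rules. The following rule set is an added example, not taken from the guide, using the same machine A (10.10.10.10) and machine B (15.15.15.15) addresses as the text; it assumes both peers send and receive NAT-T traffic on port 4500.

```text
# Added example (not from the HP-UX IPFilter guide): IPFilter rules on
# machine A (10.10.10.10) for IPSec with peer B (15.15.15.15) when
# NAT traversal is enabled.

# IPSec negotiation on UDP/500, both directions (same as the rules above)
pass in quick proto UDP from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
pass out quick proto UDP from 10.10.10.10 port = 500 to 15.15.15.15 port = 500

# NAT traversal: negotiation and encapsulated traffic on UDP/4500, both
# directions. Assumes the peer's port is still 4500 when it reaches A; a
# NAT device on the path that rewrites the source port would require
# relaxing the "port = 4500" match on the 15.15.15.15 side.
pass in quick proto UDP from 15.15.15.15 port = 4500 to 10.10.10.10 port = 4500
pass out quick proto UDP from 10.10.10.10 port = 4500 to 15.15.15.15 port = 4500

# All other UDP traffic stays blocked; the "quick" pass rules above are
# evaluated first and stop processing, so these blocks never apply to them.
block in proto UDP
block out proto UDP
```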