HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 6: Configuring the Bypass List (Local IPv4 Addresses)
Chapter 3102
application (16.1.1.1 and 16.2.2.2), and configure the critical application
to use only the specific logical interfaces. You can then configure the
remaining logical interfaces in the bypass list (15.1.1.1 and 15.2.2.2).
Figure 3-1 Bypass List Example
Maximizing Security
An IPv4 address in the bypass list has the same effect as an open IPSec
policy, with the bypass interface address as the local address, a wildcard
(*) remote address, wildcard protocol and ports, and a Pass transform.
If you configure entries in the bypass list, intruders may be able to access
services or ports bound to addresses in the bypass list from other
interfaces on the system, even if the other interface IP addresses are
secured by IPSec policies. Intruders may access services or ports bound
to addresses in the bypass list even if the intruders are not directly
connected to interfaces in the bypass list.
HP recommends that you do not use the bypass list on systems where
you are using HP-UX IPSec as a filter or firewall to protect your
network.
See “Maximizing Security” on page 59 for more information.
ipsec_config add bypass Syntax
You can use the following ipsec_config add bypass syntax to
configure preshared keys in most installations:
ipsec_config add bypass
ip_address
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec.To specify an add bypass operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
15.2.2.2 (lan0:0)
15.1.1.1 (lan0:0)
16.1.1.1 (lan0:1)
16.2.2.2 (lan0:1)
bypass
secure
Node1
Node2