HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec and IPFilter
IPSec UDP Negotiation
Chapter 6, page 194
When TCP traffic that IPSec protects is initiated from A to B or from B to A, IPSec on the two machines first negotiates with its peer over IKE, which is carried on UDP port 500. UDP is connectionless, so this is an exchange of datagrams with source and destination port 500 at both ends rather than a connection. IPFilter on machine A must let this exchange through in both directions. In this example machine A is 10.10.10.10 and machine B is 15.15.15.15; add the following rules to the IPFilter configuration on A (each rule is a single line):
pass in quick proto UDP from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
pass out quick proto UDP from 10.10.10.10 port = 500 to 15.15.15.15 port = 500
block in proto UDP
block out proto UDP
The two pass rules admit the IKE exchange with peer B in both directions. They must carry quick: IPFilter normally lets the last matching rule decide, and without quick the trailing block rules would also match the IKE datagrams and win, so the negotiation would never complete. Note also what the block rules do: they drop every other inbound and outbound UDP datagram, so any other UDP service this machine relies on (DNS, NTP, and so on) needs a pass rule of its own, and IKE traffic from any additional IPSec peer needs its own pair of pass rules.
NOTE You must configure IPFilter to pass traffic both in and out on UDP port
500 for IPSec to work properly.
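The following Python program is an added example; it is not part of the HP-UX guide and it is not IPFilter's own parser or engine. It models the two IPFilter matching rules that decide whether the IKE exchange gets through: the last matching rule wins unless a matching rule is marked quick, which ends evaluation at once, and a packet that matches no rule is passed. The parser handles only the rule grammar used on this page, the addresses are the page's (A is 10.10.10.10, B is 15.15.15.15), and the sample packets, including the second peer 15.15.15.16 and the DNS resolver 10.10.10.53, are constructed here for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The rules from the page, as loaded on machine A (10.10.10.10); peer B is 15.15.15.15.
IPFILTER_RULES = """
pass in quick proto UDP from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
pass out quick proto UDP from 10.10.10.10 port = 500 to 15.15.15.15 port = 500
block in proto UDP
block out proto UDP
"""
IPFILTER_RULES_NO_QUICK = IPFILTER_RULES.replace(" quick", "")  # to show why quick matters

# Only the grammar used on this page (not IPFilter's real parser):
# action direction [quick] [proto X] [from A [port = N] to B [port = N]]
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<direction>in|out)(?P<quick>\s+quick)?"
    r"(?:\s+proto\s+(?P<proto>\w+))?"
    r"(?:\s+from\s+(?P<src>any|\d+\.\d+\.\d+\.\d+)(?:\s+port\s*=\s*(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>any|\d+\.\d+\.\d+\.\d+)(?:\s+port\s*=\s*(?P<dport>\d+))?)?\s*$"
)

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    direction: str        # "in" or "out"
    quick: bool           # stop evaluating as soon as this rule matches
    proto: Optional[str]  # lower-case protocol name; None matches any
    src: Optional[str]    # None matches any address
    sport: Optional[int]  # None matches any port
    dst: Optional[str]
    dport: Optional[int]

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_rules(text: str) -> List[Rule]:
    """Parse one rule per line; blank lines and '#' comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        g = m.groupdict()
        rules.append(Rule(
            action=g["action"], direction=g["direction"], quick=g["quick"] is not None,
            proto=g["proto"].lower() if g["proto"] else None,
            src=None if g["src"] in (None, "any") else g["src"],
            sport=None if g["sport"] is None else int(g["sport"]),
            dst=None if g["dst"] in (None, "any") else g["dst"],
            dport=None if g["dport"] is None else int(g["dport"]),
        ))
    return rules

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and (rule.proto is None or rule.proto == pkt.proto.lower())
            and (rule.src is None or rule.src == pkt.src)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.dst is None or rule.dst == pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return 'pass' or 'block' for pkt under IPFilter's matching semantics."""
    verdict = "pass"  # IPFilter passes a packet that matches no rule at all
    for rule in rules:
        if rule_matches(rule, pkt):
            verdict = rule.action
            if rule.quick:
                break  # 'quick': the first match is final
    return verdict  # otherwise the last matching rule decides

def sample_verdicts(rule_text: str = IPFILTER_RULES) -> Dict[str, str]:
    """Verdicts for constructed packets as IPFilter on machine A would see them."""
    samples = {
        "ike_in": Packet("in", "UDP", "15.15.15.15", 500, "10.10.10.10", 500),
        "ike_out": Packet("out", "UDP", "10.10.10.10", 500, "15.15.15.15", 500),
        # IKE from a peer the rules do not name (constructed address)
        "ike_in_other_peer": Packet("in", "UDP", "15.15.15.16", 500, "10.10.10.10", 500),
        # a DNS reply from a resolver (constructed), caught by 'block in proto UDP'
        "dns_reply_in": Packet("in", "UDP", "10.10.10.53", 53, "10.10.10.10", 40123),
        # TCP is not mentioned by any of these rules
        "tcp_in": Packet("in", "TCP", "15.15.15.15", 45000, "10.10.10.10", 23),
    }
    rules = parse_rules(rule_text)
    return {name: evaluate(rules, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for label, text in (("with quick", IPFILTER_RULES), ("without quick", IPFILTER_RULES_NO_QUICK)):
        print(label, sample_verdicts(text))
```

Run with the page's rules, the IKE datagrams in both directions pass while IKE from the unnamed peer and the DNS reply are blocked; run with quick removed, the same IKE datagrams are blocked because the trailing block rules become the last match. Before loading a changed rule set on the real machine, walk the IKE, management and name-service traffic you depend on through the rules this way, since a blocked UDP/500 datagram shows up only as a negotiation that never completes.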