HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Configuration Overview
Chapter 7
Understanding Gateway IPSec Policies
Gateway IPSec policies specify forwarding behavior on gateways, or
nodes that forward IP packets. HP-UX IPSec A.02.00 supports gateway
IPSec policies only on HP-UX Mobile IPv6 Home Agents that use the
policies to forward IP packets to and from Mobile IPv6 clients.
You configure two gateway IPSec policies for each end-to-end address
pair. Each gateway IPSec policy specifies the source and destination
addresses for the end-to-end packets, and defines the HP-UX IPSec
behavior for the data segments between the gateway and the destination
endpoint.
Figure 7-4 shows the main ipsec_config parameters for configuring the
two gateway IPSec policies on a gateway, G, for forwarding packets
between the end systems A and B. The first gateway IPSec policy, G-A, is
used for the data segments between G and A when G forwards packets
between A and B (the data segments on the left side of the figure). The
to_A policy specifies that G uses the tunnel tunnelG-A for the data
segments between G and A. You configure the tunnelG-A parameters in
a separate tunnel IPSec policy.
The second gateway IPSec policy, G-B, is used for the data segments
between G and B when G forwards packets between A and B (the data
segments on the right side of the figure). The to_B policy specifies that G
forwards the packets in clear text for the data segments between G and
B.
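Figure 7-4 Gateway IPSec Policies

[Figure: gateway G between end systems A (left) and B (right), showing the
ipsec_config parameters for the gateway IPSec policy used in each direction.]

A to B packets:
    ipsec_config add gateway G-B -source A_addr -dst B_addr -action forward ...

B to A packets:
    ipsec_config add gateway G-A -source B_addr -dst A_addr -tunnel tunnelG-A ...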