HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 1: (Required) Securing Binding Messages Between the Home Agent and Mobile Node
RFC 3776 specifies that you must use IPSec to secure binding messages
between the Home Agent and Mobile Node.
To secure binding messages, configure a host IPSec policy on the Home
Agent to secure Mobile IPv6 Mobility Header (MH) packets between the
Home Agent and the Mobile Node.
In the host IPSec policy, specify the Mobile Node’s home address as the
destination address. The Mobile Node’s home address is not in the source
or destination IP address fields in the binding messages; however,
Mobile IPv6 uses a special IPv6 header option and header so the binding
messages are processed as if the appropriate source and destination
address fields contain the Mobile Node’s Home Address.
Syntax
You can use the following ipsec_config add host syntax to secure
binding messages on the Home Agent in most topologies. To specify an
add host operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name (add host
host_policy_name ...). Refer to the ipsec_config (1M) manpage for full
syntax information.
ipsec_config add host host_policy_name
    -source home_agent_addr
    -destination mn_home_addr
    -protocol MH [-priority priority_number]
    -action transform_name
    -flags MIPV6
    -in manual_key_sa_specification
    -out manual_key_sa_specification
host_policy_name
    The host_policy_name is the user-defined name for the host IPSec
    policy. The host_policy_name must be unique for each host IPSec
    policy and is case-sensitive. The name must be 1 - 63 characters.
    Each character must be an ASCII alphanumeric character, hyphen (-),
    or underscore (_).
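
Added example, not taken from this guide: a POSIX shell helper that checks a host_policy_name against the rules above (including case-sensitive uniqueness) and prints the batch-file form of the add host entry, that is, without the ipsec_config command name. The function names, the sample addresses, and the PLACEHOLDER values standing in for transform_name and the manual key SA specifications are assumptions; take real values from the ipsec_config (1M) manpage.

```shell
#!/bin/sh
# Added example: emit "add host" batch-file entries for Mobility Header policies.
LC_ALL=C; export LC_ALL      # keep the [A-Za-z] ranges ASCII-only

SEEN_NAMES=" "               # space-delimited policy names already emitted

# Succeeds if $1 is 1-63 characters of ASCII alphanumerics, '-' or '_'.
valid_policy_name() {
    [ -n "$1" ] && [ "${#1}" -le 63 ] || return 1
    case $1 in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# mh_batch_line NAME HOME_AGENT_ADDR MN_HOME_ADDR TRANSFORM IN_SA OUT_SA [PRIORITY]
# Prints one batch-file line. IN_SA and OUT_SA are passed through untouched.
mh_batch_line() {
    if [ "$#" -lt 6 ]; then
        echo "usage: mh_batch_line name ha mn transform in_sa out_sa [priority]" >&2
        return 2
    fi
    if ! valid_policy_name "$1"; then
        echo "invalid host_policy_name: $1" >&2
        return 1
    fi
    # Names are case-sensitive, so the comparison is an exact match.
    case $SEEN_NAMES in
        *" $1 "*) echo "duplicate host_policy_name: $1" >&2; return 1 ;;
    esac
    SEEN_NAMES="$SEEN_NAMES$1 "
    prio=
    if [ -n "${7:-}" ]; then
        prio=" -priority $7"
    fi
    # The destination is the Mobile Node's home address, as the text requires.
    printf 'add host %s -source %s -destination %s -protocol MH%s' \
        "$1" "$2" "$3" "$prio"
    printf ' -action %s -flags MIPV6 -in %s -out %s\n' "$4" "$5" "$6"
}

# Constructed sample call; addresses are from the IPv6 documentation prefix.
mh_batch_line mn1_mh 2001:db8:1::1 2001:db8:1::100 \
    TRANSFORM_NAME_PLACEHOLDER IN_SA_SPEC_PLACEHOLDER OUT_SA_SPEC_PLACEHOLDER
```

Redirect the output to a file to build a batch file; calling the function directly, rather than inside a command substitution, keeps the duplicate-name tracking in effect.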