HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

211

212

213

214

215

216

217

218

219

220

HP-UX IPSec and HP-UX Mobile IPv6

Step 1: (Required) Securing Binding Messages Between the Home Agent and Mobile Node

Chapter 7212

-source

home_agent_addr

The

home_agent_addr

is the Home Agent’s IP address and cannot be a

wildcard or subnet address.

-destination

mn_home_addr

The

mn_home_addr

is the Mobile Node’s home address. This cannot be a

wildcard or subnet address.

-protocol MH

The protocol must be MH (Mobile IPv6 Mobility Headers).

-priority

priority_number

The

priority_number

is the priority value HP-UX IPSec uses when

selecting a host IPSec policy (a lower priority value has a higher

priority). The priority must be unique for each host IPSec policy. The

range is 1 - 2147483647.

-action

transform_name

The

transform_name

must be an authenticated ESP transform with a

non-null authentication method, according to the Mobile IPv6 protocol

specification. For example, ESP_AES128_HMAC_SHA1. The transform

cannot be a nested transform.

-in and -out

manual_key_sa_specification

For Mobile IPv6, the format for

manual_key_sa_specification

is:

ESP/spi/auth_key/enc_key/iv

ESP indicates the transform is an ESP transform. For Mobile IPv6, you

must use an authenticated ESP transform with non-null encryption and

authentication methods.

spi

is the decimal or hexadecimal (prefixed by 0x) Security Parameters

Index (SPI) number, used to identify the Security Association (SA). The

inbound SPI must be unique on the local system for all ESP SAs, outside

the range of dynamic SPI numbers, and match the outbound SPI on the

remote system. The outbound SPI must match the inbound SPI on the

remote system.