HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 2: (Recommended) Securing Return Routability Messages Routed Through the Home Agent
Chapter 7 215
Step 2A: Configure a gateway IPSec policy for the data path segments between the Home Agent and the Correspondent Node (2A in Figure 7-5).
Step 2B: Configure a gateway IPSec policy for the data path segments between the Home Agent and the Mobile Node (2B in Figure 7-5).
Step 2C: Configure a tunnel IPSec policy for the data path segments between the Home Agent and the Mobile Node (2C in Figure 7-5).
Step 2A: Return Routability Messages: Configuring the Gateway IPSec Policy for Home Agent - Correspondent Node Segments
The first gateway IPSec policy is for the clear text data path segments
between the Home Agent (the gateway) and the Correspondent Node
(data path 2A in Figure 7-5). The source and destination address
specifications are relative to the packets forwarded by the Home Agent:
the source is the Mobile Node’s home address and the destination is the
Correspondent Node address, or an IPv6 wildcard address (0::0).
Syntax
You can use the following ipsec_config add gateway syntax for the
data path segments between the Home Agent and Correspondent Nodes
in most topologies. To specify an add gateway operation for an
ipsec_config batch file, use the following syntax without the
ipsec_config command name (add gateway gwy_policy_name ...).
Refer to the ipsec_config (1M) manpage for full syntax information.
NOTE You can omit the gateway IPSec policy for the Home Agent -
Correspondent Node segments if you are using the default gateway
IPSec policy shipped with HP-UX IPSec, which forwards all gateway
packets in clear text.
ipsec_config add gateway gwy_policy_name
    -source mn_home_addr
    -destination cn_addr
    -protocol MH [-priority priority_number] -action FORWARD
    -flags MIPV6
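
The syntax above, filled in as batch-file entries (without the ipsec_config command name). This is an added example, not part of the HP guide: the function names, policy names, addresses (2001:db8::/32 documentation range), priority value and input checks are all assumptions made for illustration, and only the options shown in the syntax above are used.

```shell
# Added example, not from the HP guide. Emits batch-file "add gateway" entries
# for the Home Agent - Correspondent Node segment (step 2A).

# Loose IPv6 shape check for this example only: hex digits and colons,
# with at least one colon. It is not a full address parser.
is_v6() {
    case $1 in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;
    esac
}

# mh_gateway_entry NAME MN_HOME_ADDR [CN_ADDR] [PRIORITY]
# CN_ADDR defaults to the IPv6 wildcard 0::0 (any Correspondent Node).
mh_gateway_entry() {
    name=$1; mn=$2; cn=${3:-0::0}; prio=$4
    case $name in   # example-only name rule, not the product's own
        ''|*[!A-Za-z0-9_-]*) echo "bad policy name: '$name'" >&2; return 1 ;;
    esac
    is_v6 "$mn" || { echo "bad mobile node home address: '$mn'" >&2; return 1; }
    is_v6 "$cn" || { echo "bad correspondent node address: '$cn'" >&2; return 1; }
    opt=
    if [ -n "$prio" ]; then
        case $prio in
            *[!0-9]*) echo "bad priority: '$prio'" >&2; return 1 ;;
        esac
        opt=" -priority $prio"
    fi
    echo "add gateway $name -source $mn -destination $cn -protocol MH$opt -action FORWARD -flags MIPV6"
}

# Read "NAME MN_HOME_ADDR [CN_ADDR] [PRIORITY]" records from stdin, one per
# line, and stop at the first record that fails the checks above.
mh_gateway_batch() {
    while read -r n m c p; do
        case $n in ''|'#'*) continue ;; esac
        mh_gateway_entry "$n" "$m" "$c" "$p" || return 1
    done
}

# Constructed inventory: one Mobile Node open to any Correspondent Node,
# one restricted to a single Correspondent Node with an explicit priority.
mh_gateway_batch <<'EOF'
# name      mn_home_addr    cn_addr        priority
mn1_rr_cn   2001:db8:1::10
mn2_rr_cn   2001:db8:1::20  2001:db8:2::5  30
EOF
```

Redirect the output to a file to keep the entries together for review before they are loaded as an ipsec_config batch file.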