HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 2: (Recommended) Securing Return Routability Messages Routed Through the Home Agent
Chapter 7
Step 2C: Return Routability Messages: Configuring the Home Agent - Mobile Node Tunnel
Configure the tunnel between the Home Agent and Mobile Node used for
Return Routability packets.
Syntax
You can use the following ipsec_config add tunnel syntax on the
Home Agent to configure the tunnel in most topologies. To specify an add
tunnel operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name (add tunnel
rr_tunnel_name ...). Refer to the ipsec_config (1M) manpage for full
syntax information.
ipsec_config add tunnel rr_tunnel_name
    -tsource home_agent_addr
    -tdestination mn_home_addr
    -source cn_addr
    -destination mn_home_addr
    -protocol MH -action transform_name
    -in manual_key_sa_specification
    -out manual_key_sa_specification
rr_tunnel_name
The rr_tunnel_name is the user-defined name for the
Return Routability tunnel IPSec policy. This name must be unique for
each tunnel IPSec policy and is case-sensitive. The name must be 1 - 63
characters. Each character must be an ASCII alphanumeric character,
hyphen (-), or underscore (_).
-tsource home_agent_addr
The home_agent_addr is the Home Agent’s IP address and cannot be a
wildcard or subnet address.
-tdestination mn_home_addr
The mn_home_addr is the Mobile Node’s home address. This cannot be a
wildcard or subnet address.
-source cn_addr
The cn_addr is the Correspondent Node’s address. In
many cases, there will be a large number of possible Correspondent
Nodes and you may want to use the IPv6 wildcard address instead
(0::0).
-destination mn_home_addr
The mn_home_addr is the Mobile Node’s home address.
-protocol MH
The protocol must be MH (Mobile IPv6 Mobility Headers).
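The following pre-flight check is an added example, not part of the HP guide or of ipsec_config. It applies the name and address rules stated above and builds the batch-file form of the add tunnel operation. The function names are hypothetical and the sample addresses are constructed. The transform name and manual key SA specifications stay as placeholders because their formats are not given on this page. The example assumes IPv6 addresses and, as a simplification, accepts only a single address or the wildcard for -source.

```python
import ipaddress
import re

# Name rule from the guide: 1 - 63 ASCII alphanumerics, hyphens or underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")


def single_ipv6(value, flag, allow_wildcard=False):
    """Return value if it is one IPv6 address, else raise ValueError."""
    if "/" in value:
        raise ValueError(f"{flag}: subnet address not allowed: {value}")
    try:
        addr = ipaddress.IPv6Address(value)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"{flag}: not an IPv6 address: {value}") from exc
    if addr.is_unspecified and not allow_wildcard:
        raise ValueError(f"{flag}: wildcard address not allowed")
    return value


def rr_tunnel_batch_line(name, home_agent_addr, mn_home_addr, cn_addr="0::0",
                         existing_names=(),
                         transform="<transform_name>",
                         in_sa="<manual_key_sa_specification>",
                         out_sa="<manual_key_sa_specification>"):
    """Build the batch-file form (no ipsec_config command name) of add tunnel."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid tunnel name: {name!r}")
    if name in existing_names:  # exact match: names are case-sensitive
        raise ValueError(f"tunnel name already in use: {name}")
    # Tunnel endpoints must be single addresses: no wildcard, no subnet.
    single_ipv6(home_agent_addr, "-tsource")
    single_ipv6(mn_home_addr, "-tdestination")
    # The Correspondent Node address may be the IPv6 wildcard (0::0).
    single_ipv6(cn_addr, "-source", allow_wildcard=True)
    return " ".join([
        "add tunnel", name,
        "-tsource", home_agent_addr,
        "-tdestination", mn_home_addr,
        "-source", cn_addr,
        "-destination", mn_home_addr,  # same Mobile Node home address
        "-protocol MH", "-action", transform,
        "-in", in_sa, "-out", out_sa,
    ])


if __name__ == "__main__":
    # Constructed sample addresses from the 2001:db8::/32 documentation prefix.
    print(rr_tunnel_batch_line("rr_tunnel_mn1", "2001:db8:1::1", "2001:db8:1::100"))
```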