HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 3: (Recommended) Securing Prefix Discovery Messages Between the Home Agent and Mobile Node
If the Mobile Node supports prefix discovery, RFC 3776 specifies that
you should use IPSec to secure the ICMPv6 Mobile Prefix Solicitation
and Mobile Prefix Advertisement messages. You can skip this step if the
Mobile Nodes do not support prefix discovery.

To secure prefix discovery packets, configure a host IPSec policy on the
Home Agent for each Mobile Node. The policy secures ICMPv6 packets and
uses manual keys for the SAs. This policy also configures IPSec for
ICMPv6 Echo Request and Echo Reply messages.
Syntax
You can use the following ipsec_config add host syntax on the Home
Agent to secure Prefix Discovery messages in most topologies. To specify
an add host operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name
(add host host_policy_name ...). Refer to the ipsec_config(1M) manpage
for full syntax information.
ipsec_config add host host_policy_name
    -source home_agent_addr
    -destination mn_home_addr
    -protocol ICMPV6 [-priority priority_number]
    -action transform_name
    -flags MIPV6
    -in manual_key_sa_specification
    -out manual_key_sa_specification
host_policy_name
The host_policy_name is a user-defined name for the host IPSec policy.
This name must be unique for each host IPSec policy and is
case-sensitive. The name must be 1 - 63 characters. Each character must
be an ASCII alphanumeric character, hyphen (-), or underscore (_).
-source home_agent_addr
The home_agent_addr is the Home Agent’s IP address. This cannot be a
wildcard or subnet address.
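The following Python helper is an added example, not part of the HP guide or of HP-UX IPSec: it checks the host_policy_name and home_agent_addr rules above and builds one batch-file add host line per Mobile Node. The function names are hypothetical; transform_name and the manual key SA specifications are passed through as opaque strings because their format is not shown in this section; requiring mn_home_addr to be a single IPv6 address and writing each operation on one line are assumptions.

```python
import ipaddress
import re

# Name rule from the guide: 1 - 63 ASCII alphanumerics, hyphens or underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")


def check_policy_name(name, seen):
    """Validate a host policy name and record it; names are case-sensitive."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid host_policy_name: {name!r}")
    if name in seen:
        raise ValueError(f"duplicate host_policy_name: {name!r}")
    seen.add(name)


def check_single_ipv6(addr, what):
    """Accept one IPv6 address; reject subnets (addr/len) and the wildcard."""
    try:
        ip = ipaddress.IPv6Address(addr)
    except ValueError:
        raise ValueError(f"{what} is not a single IPv6 address: {addr!r}") from None
    if ip.is_unspecified:
        raise ValueError(f"{what} must not be a wildcard address: {addr!r}")
    return str(ip)


def batch_lines(home_agent_addr, mobile_nodes, transform_name):
    """Build one 'add host' batch-file line per Mobile Node.

    mobile_nodes: iterable of (policy_name, mn_home_addr, in_sa, out_sa).
    transform_name, in_sa and out_sa are passed through unchanged.
    """
    ha = check_single_ipv6(home_agent_addr, "home_agent_addr")
    seen, lines = set(), []
    for name, mn_addr, in_sa, out_sa in mobile_nodes:
        check_policy_name(name, seen)
        # Assumption: the Mobile Node home address is also one IPv6 address.
        mn = check_single_ipv6(mn_addr, "mn_home_addr")
        lines.append(
            f"add host {name} -source {ha} -destination {mn} "
            f"-protocol ICMPV6 -action {transform_name} -flags MIPV6 "
            f"-in {in_sa} -out {out_sa}"
        )
    return lines
```

Running the check before loading the batch file catches a duplicated or malformed policy name, or a subnet typed where the Home Agent address belongs, without touching the live policy database.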