HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
• The protocol argument value is ALL.
• The priority_number must be greater (lower priority) than that of the policy configured in “Step 2A: Return Routability Messages: Configuring the Gateway IPSec Policy for Home Agent - Correspondent Node Segments” on page 215.
NOTE You can omit this policy if you are using the default gateway IPSec
policy shipped with HP-UX IPSec, which forwards all gateway packets in
clear text.

Syntax

ipsec_config add gateway gwy_policy_name
    -source mn_home_addr -destination cn_addr
    -protocol ALL [-priority priority_number]
    -action FORWARD -flags MIPV6

gwy_policy_name
The gwy_policy_name is the user-defined name for the gateway IPSec policy. This name must be unique for each gateway IPSec policy and is case-sensitive. The name must be 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen (-), or underscore (_).

-source mn_home_addr
The mn_home_addr is the Mobile Node’s home address.

-destination cn_addr
The cn_addr is the Correspondent Node’s address. In many cases, there will be a large number of possible Correspondent Nodes and you may want to use the IPv6 wildcard address (0::0) instead.

-priority priority_number
The priority_number is the priority value HP-UX IPSec uses when selecting a gateway IPSec policy (a lower priority value has a higher priority). The priority must be unique for each gateway IPSec policy. The range is 1 - 2147483647.
This policy must have a lower priority (a greater priority_number) than the policy configured for the Mobile Node in “Step 2A: Return Routability Messages: Configuring the Gateway IPSec Policy for Home Agent - Correspondent Node Segments” on page 215.
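
A pre-flight check for the argument rules described above, as an added example that is not part of the HP guide. The function name, the sample policy name, the addresses and the priority values are all constructed, and the script only prints the ipsec_config command rather than running it.

```shell
#!/bin/sh
# Added example: pre-flight check for the Step 4 gateway policy arguments.
LC_ALL=C; export LC_ALL   # keep [A-Za-z] ranges and ${#var} ASCII-only

# build_mipv6_gwy_policy NAME MN_HOME_ADDR CN_ADDR PRIORITY STEP2A_PRIORITY
# (hypothetical helper). Prints the ipsec_config command on success; on
# failure prints a reason to stderr and returns 1. It never runs ipsec_config.
build_mipv6_gwy_policy() {
    name=$1 mn=$2 cn=$3 prio=$4 step2a=$5

    # Name: 1 - 63 characters, ASCII alphanumeric, hyphen or underscore only.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad policy name: $name" >&2; return 1 ;;
    esac
    [ "${#name}" -le 63 ] || { echo "policy name longer than 63" >&2; return 1; }

    # Both priorities: decimal integers in 1 - 2147483647. Leading zeros are
    # rejected so the comparison is unambiguous (a choice of this example).
    for p in "$prio" "$step2a"; do
        case $p in
            ''|0*|*[!0-9]*) echo "bad priority: $p" >&2; return 1 ;;
        esac
        [ "${#p}" -le 10 ] && [ "$p" -le 2147483647 ] ||
            { echo "priority out of range: $p" >&2; return 1; }
    done

    # Greater number = lower priority than the Step 2A policy. Equal values
    # are rejected too, because each gateway policy priority must be unique.
    [ "$prio" -gt "$step2a" ] ||
        { echo "priority $prio must be greater than $step2a" >&2; return 1; }

    # Addresses are only checked for presence, not parsed.
    [ -n "$mn" ] && [ -n "$cn" ] || { echo "missing address" >&2; return 1; }

    echo "ipsec_config add gateway $name -source $mn -destination $cn" \
         "-protocol ALL -priority $prio -action FORWARD -flags MIPV6"
}

# Constructed sample values: 2001:db8::/32 is the IPv6 documentation prefix,
# 0::0 is the wildcard Correspondent Node address mentioned in the guide.
build_mipv6_gwy_policy mn1_payload 2001:db8:1::10 0::0 120 100
```

The last argument is the priority_number you assigned to the Step 2A policy; the check fails if the new policy would not sort after it.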