HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
Chapter 7, page 224
-flags MIPV6
The flags must include MIPV6.
Step 4B: Payload Packets: Configuring the Gateway IPSec Policy for Home Agent - Mobile Node Segments
The second gateway IPSec policy is for the data path segments between
the Home Agent and the Mobile Node. The syntax is similar to the
syntax used in the previous section (Step 4A: Payload Packets:
Configuring the Gateway IPSec Policy for Home Agent - Correspondent
Node Segments), with the following differences:
• The source and destination addresses are swapped.
• You must specify the name of the tunnel policy between the Home
Agent and the Mobile Node for payload packets
(payload_tunnel_name). You configure this tunnel in the next
section (Step 4C: Payload Packets: Configuring the Home Agent -
Mobile Node Tunnel).
• You can specify the homeclear argument, which specifies that
HP-UX IPSec will not secure packets to the Mobile Node when the
Mobile Node is attached to the specified home link
(interface_name). Using the homeclear argument provides better
performance when the Mobile Node is attached to the home link.
• The priority_number must be greater (lower priority) than that of
the policy configured in “Step 2B: Return Routability Messages:
Configuring the Gateway IPSec Policy for Home Agent - Mobile Node
Segments” on page 216.
Syntax
ipsec_config add gateway gwy_policy_name
    -source cn_addr -destination mn_home_addr
    -protocol ALL [-priority priority_number]
    -tunnel payload_tunnel_name
    -action FORWARD -flags MIPV6
    [-homeclear interface_name]
gwy_policy_name
The gwy_policy_name is the user-defined name for the gateway IPSec
policy. This name must be unique for each gateway IPSec policy and is
case-sensitive. The name must be 1 - 63 characters. Each character must
be an ASCII alphanumeric character, hyphen (-), or underscore (_).
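
As an added example (not taken from the HP guide), the shell helper below checks the two constraints stated in this section before the policy is entered: the gwy_policy_name character rule and the requirement that priority_number be greater than the priority of the Step 2B policy. It prints the ipsec_config command rather than running it; the function names, the RR_PRIORITY parameter, the addresses (documentation prefix 2001:db8::/32), the policy and tunnel names, the priorities and the interface lan0 are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the Step 4B gateway policy.
# It prints the ipsec_config command; it does not run it.
LC_ALL=C; export LC_ALL   # keep [A-Za-z] ranges ASCII-only

# Name rule from this section: 1-63 characters, each an ASCII
# alphanumeric character, hyphen or underscore.
valid_policy_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# True when $1 is a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# build_gwy_policy NAME CN_ADDR MN_HOME_ADDR TUNNEL PRIORITY RR_PRIORITY [HOME_IF]
# RR_PRIORITY: priority of the Step 2B gateway policy (hypothetical parameter).
# PRIORITY may be empty, which omits the optional -priority argument.
build_gwy_policy() {
    name=$1 cn=$2 mn=$3 tunnel=$4 prio=$5 rr_prio=$6 home_if=${7:-}
    valid_policy_name "$name" || { echo "invalid policy name: $name" >&2; return 1; }
    [ -n "$tunnel" ] || { echo "payload tunnel name is required" >&2; return 1; }
    cmd="ipsec_config add gateway $name -source $cn -destination $mn -protocol ALL"
    if [ -n "$prio" ]; then
        is_uint "$prio" && is_uint "$rr_prio" ||
            { echo "priorities must be unsigned integers" >&2; return 1; }
        # A larger number means lower priority than the Step 2B policy.
        [ "$prio" -gt "$rr_prio" ] ||
            { echo "priority $prio must be greater than $rr_prio" >&2; return 1; }
        cmd="$cmd -priority $prio"
    fi
    cmd="$cmd -tunnel $tunnel -action FORWARD -flags MIPV6"
    if [ -n "$home_if" ]; then cmd="$cmd -homeclear $home_if"; fi
    echo "$cmd"
}

# Constructed sample values: documentation prefix 2001:db8::/32,
# hypothetical policy and tunnel names, interface lan0.
build_gwy_policy mn1_payload 2001:db8:2::20 2001:db8:1::10 \
    ha_mn1_tunnel 30 20 lan0
```

A name or priority that breaks either rule makes the function return non-zero with a message on stderr, so the command is never printed for pasting into the gateway configuration.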