HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Mobile IPv6 Configuration Example
Chapter 7 229
add host mn2222_prefix \
-source 3ffe::83ff:fef7:1111 \(Home Agent)
-destination 3ffe::83ff:fef7:2222 \(Mobile Node’s Home Address)
-proto ICMPV6 -pri 210 -action ESP_AES128_HMAC_SHA1 \
-flags MIPV6\
-in ESP/2500007/0x1234567890123456789012345678901234567890\
/0x12345678901234567890123456789012/0x1234567890123456 \
-out ESP/2500008/0x0123456789012345678901234567890123456789\
/0x01234567890123456789012345678901/0x0123456789012345
(Optional) Payload Messages Routed Through the
Home Agent
Configure HP-UX IPSec to secure payload messages between the Mobile
Node and the Correspondent Node when they are routed through the
local node (Home Agent).
Payload Gateway IPSec Policies
You must configure two gateway IPSec polices for this topology: one for
the data path between the Home Agent and the Correspondent Node,
and one for the data path between the Home Agent and the Mobile Node.
The priority values for these policies must be greater (lower priority)
than the gateway IPSec policies configured for the Return Routability
messages, and the protocol is ALL.
Gateway IPSec Policy for Home Agent - Correspondent Node
Segments
add gateway mn2222_payload_to_cn \
-source 3ffe::83ff:fef7:2222 \(Mobile Node’s Home Address)
-destination 0::0 \(wildcard for any Correspondent Node)
-protocol ALL -pri 300 -action FORWARD -flags MIPV6
Gateway IPSec Policy for Home Agent - Mobile Node Segments
add gateway mn2222_payload_to_mobile_node \
-source 0::0 \(wildcard for any Correspondent Node)
-destination 3ffe::83ff:fef7:2222 \(Mobile Node’s Home Address)
-protocol ALL -pri 310 -tunnel mn2222_payload_tunnel \
-flags MIPV6