HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and MC/ServiceGuard
Step 2: Configuring HP-UX Host IPSec Policies for MC/ServiceGuard
Chapter 8244
Step 2: Configuring HP-UX Host IPSec
Policies for MC/ServiceGuard
Overview
Use the procedure described in Chapter 3, “Step 1: Configuring Host
IPSec Policies” on page 69 to configure host IPSec policies, with the
following additional requirements:
•Configure PASS host IPSec policies for all packets sent between the
heartbeat IP addresses. This ensures that MC/ServiceGuard does not
unnecessarily reform the cluster because of delays introduced by
HP-UX IPSec. This also ensures that HP-UX IPSec does not encrypt,
authenticate, or discard other MC/ServiceGuard control messages.
• If you are using the optional MC/ServiceGuard Quorum Server,
remote command execution, ServiceGuard Manager, or
ServiceGuard Cluster Object Manager services, you must configure
HP-UX IPSec so it does not discard control messages for these
services. Table 8-1 on page 254 provides a summary of the port
numbers and protocols for these services.
This section describes the MC/ServiceGuard cluster information you
need to determine before configuring host IPSec policies. It also describes
how to configure host IPSec policies for package addresses, heartbeat IP
addresses, and optional MC/ServiceGuard services. This section also
contains a summary of the port numbers and protocols used by
MC/ServiceGuard services.
This section contains the following subsections:
• “Determining MC/ServiceGuard Cluster Information” on page 245
• “Configuring Host IPSec Policies for Package Addresses” on page 245
• “Configuring PASS Host IPSec Policies for Heartbeat IP Addresses”
on page 245
• “Configuring Host IPSec Policies for MC/ServiceGuard Quorum
Server” on page 247
• “Configuring Host IPSec Policies for Remote Command Execution”
on page 248