HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

251

252

253

254

255

256

257

258

259

260

HP-UX IPSec and MC/ServiceGuard

Step 2: Configuring HP-UX Host IPSec Policies for MC/ServiceGuard

Chapter 8250

For remote execution of the cmscancl command, HP-UX IPSec must not

discard the following packets:

Remote Command Client Host IPSec Policies

If HP-UX IPSec is installed on the remote command clients, configure

host IPSec policies for the packets listed below with transform lists that

correspond to the policies on the cluster nodes.

The cluster nodes also initiate TCP connections to the remote command

clients using dynamically assigned source and destination ports, as

listed below. You must configure HP-UX IPSec so it does not discard the

Source IP

Address

Destination

IP Address

Protocol

Source

Port

Destination

Port

cluster node

address (or

wildcard)

remote

command

client address

TCP 514 0

Source IP

Address

Destination

IP Address

Protocol

Source

Port

Destination

Port

remote

command

client address

(or wildcard)

cluster node

address

TCP 0 5302

remote

command

client address

(or wildcard)

cluster node

address

UDP 0 5302