HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Overview
HP-UX IPSec Configuration and Management Features
The HP-UX IPSec product includes the configuration and management
features listed below.
Easy-to-use configuration utilities
You configure HP-UX IPSec using ipsec_config, which allows
batch mode operation. To configure security certificates, use
ipsec_mgr, which has a graphical user interface (GUI) and online
help.
Packet-based configuration
You control IPSec behavior by defining packet filters in IPSec
policies. An IPSec policy contains a packet filter definition and a list of
actions or transforms (pass, discard, use ESP or AH) to apply to the
packets. The packet filter definition contains the following fields:
local IP address
local address prefix length (for subnet addresses)
remote IP address
remote address prefix length (for subnet addresses)
upper-layer protocol (such as TCP, UDP, or ICMP)
local TCP or UDP port number
remote TCP or UDP port number
You can also select a network service for the filter, such as telnet,
instead of the upper-layer protocol and port numbers.
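The following Python model is an added example, not HP-UX IPSec code or ipsec_config syntax. It shows how the filter fields listed above select a packet and which action then applies. The class names, the first-match ordering, the default action, and the sample policies are assumptions made for illustration.

```python
# Added illustration: a model of IPSec policy packet filters, not HP-UX code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Filter:
    local: str                      # local IP address / prefix length
    remote: str                     # remote IP address / prefix length
    proto: Optional[str] = None     # upper-layer protocol; None = any
    lport: Optional[int] = None     # local TCP/UDP port; None = any
    rport: Optional[int] = None     # remote TCP/UDP port; None = any

    def matches(self, pkt: dict) -> bool:
        if ip_address(pkt["local"]) not in ip_network(self.local):
            return False
        if ip_address(pkt["remote"]) not in ip_network(self.remote):
            return False
        if self.proto is not None and pkt["proto"].upper() != self.proto.upper():
            return False
        # Ports exist only for TCP and UDP; an ICMP packet has none to compare.
        for want, key in ((self.lport, "lport"), (self.rport, "rport")):
            if want is not None and pkt.get(key) != want:
                return False
        return True

@dataclass(frozen=True)
class Policy:
    name: str
    flt: Filter
    action: str                     # "pass", "discard", "ESP" or "AH"

def select_action(policies, pkt, default="pass"):
    """Return (policy name, action) of the first matching policy.
    Assumption: list order decides, and `default` applies when nothing matches."""
    for p in policies:
        if p.flt.matches(pkt):
            return p.name, p.action
    return None, default

# Constructed sample policies, most specific first.
POLICIES = [
    Policy("telnet-in", Filter("10.1.1.1/32", "10.2.0.0/16", "TCP", lport=23), "ESP"),
    Policy("no-icmp", Filter("10.1.1.1/32", "0.0.0.0/0", "ICMP"), "discard"),
    Policy("subnet", Filter("10.1.1.0/24", "10.2.0.0/16"), "AH"),
]
```

Running candidate packets through select_action shows which traffic would fall through to the default action and leave the host unprotected.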
Bypass IPv4 address configuration
You can configure HP-UX IPSec to bypass, or ignore, local IPv4
interfaces that you do not need to secure. This feature is useful for
internal networks where most traffic passes in clear text and only
specific applications need to be secured.
Configuration test utility