HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Configuration Overview
Chapter 3 67
The bypass list specifies the local IPv4 addresses that IPSec will
bypass or ignore. The system will not attempt to find an IPSec policy
for packets sent or received using an IP address in the bypass list,
and will process these packets as if HP-UX IPSec were not enabled.
The bypass list improves transmission rates for the addresses it
contains and is useful in topologies where most of the network
traffic passes in clear text and only specific traffic must be secured by
IPSec.
The bypass list does not support IPv6 addresses.
• Start-up options
The start-up options allow you to configure HP-UX IPSec to start
automatically at system boot-up time and to specify general
operating parameters.
HP-UX IPSec also supports gateway IPSec policies when used with
HP-UX Mobile IPv6. See “HP-UX IPSec and HP-UX Mobile IPv6” on
page 199 for more information on using gateway IPSec policies.
Although you can configure the above components in any order, HP
recommends that you use the following procedure to configure IPSec:
Step 1. Configure host IPSec policies.
See “Step 1: Configuring Host IPSec Policies” on page 69 for a description
of this step.
Step 2. Configure tunnel IPSec policies.
See “Step 2: Configuring Tunnel IPSec Policies” on page 81 for a
description of this step. Skip this step if the local system is not a tunnel
endpoint.
Step 3. Configure IKE policies.
See “Step 3: Configuring IKE Policies” on page 89 for a description of this
step. Skip this step if the local system uses only manual keys for IPSec.
Step 4. Configure IKE preshared keys using authentication records.
See “Step 4: Configuring Preshared Keys Using Authentication Records”
on page 95 for a description of this step. Skip this step if the local system
uses only manual keys for IPSec.