HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 1: Configuring Host IPSec Policies
Chapter 3
Automatic Priority Increment
You can explicitly set the priority of an IPSec policy with the priority
argument, or you can use the automatic priority increment value for host
policies in the profile file (the priority parameter value in the
HostPolicy-Defaults section of the profile file). If you do not specify a
priority argument, ipsec_config assigns a priority value equal to the
current highest priority value (the lowest priority) in the configuration
database, incremented by the automatic priority increment value for
host policies. As a result, the new policy is the last policy
evaluated before the default policy. The default automatic priority
increment value (priority) is 10.
If you are configuring the first host IPSec policy and do not specify a
priority argument, ipsec_config assigns the automatic priority
increment value as the priority.
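The following model of the automatic priority rule is an added example, not code from the HP guide or from HP-UX IPSec. It shows how a policy added without a priority argument lands last in evaluation order, where an earlier, broader policy can take precedence over it. The function names, the sample addresses, the destination-only matching, and the assumption that the first matching policy in priority order is the one applied are all constructed for illustration.

```python
import ipaddress

AUTO_INCREMENT = 10  # default automatic priority increment stated in the guide

def assign_priority(existing, requested=None, increment=AUTO_INCREMENT):
    """Priority a new host policy receives under the rule described above."""
    if requested is not None:
        return requested                  # explicit priority argument wins
    if not existing:
        return increment                  # first host policy: the increment itself
    return max(existing) + increment      # highest value so far plus the increment

def build(policies, increment=AUTO_INCREMENT):
    """Apply add-host operations in order; return them in evaluation order."""
    table = []
    for name, dest, action, requested in policies:
        prio = assign_priority([r["priority"] for r in table], requested, increment)
        table.append({"name": name, "dest": ipaddress.ip_network(dest),
                      "action": action, "priority": prio})
    return sorted(table, key=lambda r: r["priority"])

def shadowed(table):
    """(later, earlier) pairs where an earlier-evaluated policy covers the later
    policy's destination with a different action. Assumption: first match wins;
    only the destination address is compared in this simplified model."""
    hits = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if (later["dest"].subnet_of(earlier["dest"])
                    and earlier["action"] != later["action"]):
                hits.append((later["name"], earlier["name"]))
                break
    return hits

# Constructed sample: (policy name, destination, action, explicit priority or None)
POLICIES = [
    ("allow_subnet", "192.0.2.0/24",    "PASS",    None),  # first policy
    ("mgmt",         "198.51.100.7/32", "PASS",    25),    # explicit priority
    ("block_host",   "192.0.2.50/32",   "DISCARD", None),  # added last, no priority
]

if __name__ == "__main__":
    table = build(POLICIES)
    for r in table:
        print(r["priority"], r["name"], r["dest"], r["action"])
    for later, earlier in shadowed(table):
        print(f"{later} is evaluated after {earlier}, which already covers it")
```

In this sample the DISCARD policy needs an explicit priority lower than 10 to be evaluated before the broader PASS policy.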
ipsec_config add host Syntax
If you are not using manual keys, you can use the following
ipsec_config add host syntax in most installations:
ipsec_config add host host_policy_name
    [-source ip_addr[/[prefix][/port_number|service_name]]]
    [-destination ip_addr[/[prefix][/port_number|service_name]]]
    [-protocol protocol_id] [-priority priority_number]
    [-action PASS|DISCARD|transform_list] [-flags flags]
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add host operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
add host host_policy_name
    [-source ip_addr[/[prefix][/port_number|service_name]]]
    [-destination ip_addr[/[prefix][/port_number|service_name]]]
    [-protocol protocol_id] [-priority priority_number]
    [-action PASS|DISCARD|transform_list] [-flags flags]
The full ipsec_config add host syntax specification also allows you to
specify the following arguments:
nocommit (verify the syntax but do not commit the information to the database)
profile (alternate profile file)