HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPSec Policies
Chapter 3 71
• in and out (inbound and outbound SA information for manual keys)
Refer to the ipsec_config (1M) manpage for full syntax information.
host_policy_name
The host_policy_name is the user-defined name for the host IPSec policy. This name must be unique for each host IPSec policy and is case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
The name default is reserved. See “default Host IPSec Policy” on
page 69 for more information.
-source and -destination ip_addr[/prefix[/port_number|service_name]]
HP-UX IPSec uses the ip_addr, prefix, and port_number or service_name with the protocol argument to form an address filter. HP-UX IPSec uses the address filter to select an IPSec policy for a packet. Specify a local IP address for the source ip_addr. For an outbound packet, HP-UX IPSec compares the source address filter with the source address fields in the packet, and the destination address filter with the destination address fields in the packet. For an inbound packet, HP-UX IPSec compares the source address filter with the destination address fields in the packet, and the destination address filter with the source address fields in the packet.
Default: If you do not specify ip_addr, prefix, and port_number or service_name, ipsec_config uses the value of the source or destination parameter in the HostPolicy-Defaults section of the profile file used. The default value for source and destination is 0.0.0.0/0/0 (match any IPv4 address, any port).
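As an added illustration (not code from the HP-UX IPSec guide or the ipsec_config tool), the following Python models how an address filter of the form ip_addr[/prefix[/port_number]] is compared against a packet, including the swap of the source and destination filters for inbound packets described above. Treating an omitted prefix as a host-length prefix and a port of 0 as "any port" are assumptions made for this model; service_name lookup is not modelled.

```python
# Added example, not part of the HP-UX IPSec guide: a model of host IPSec
# policy address-filter matching (ip_addr[/prefix[/port_number]]).
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AddrFilter:
    network: object  # ipaddress.IPv4Network or ipaddress.IPv6Network
    port: int        # 0 is treated as "any port" (assumption, as in 0.0.0.0/0/0)


def parse_filter(spec: str) -> AddrFilter:
    """Parse ip_addr[/prefix[/port_number]] into a network plus a port."""
    parts = spec.split("/")
    addr = parts[0]
    # Assumption: an omitted prefix means a single host address.
    prefix = parts[1] if len(parts) > 1 else ("128" if ":" in addr else "32")
    port = int(parts[2]) if len(parts) > 2 else 0
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return AddrFilter(network, port)


def _matches(flt: AddrFilter, addr: str, port: int) -> bool:
    """One filter against one (address, port) pair from the packet."""
    ip = ipaddress.ip_address(addr)
    if ip.version != flt.network.version:
        return False  # an IPv4 filter (e.g. 0.0.0.0/0/0) never matches IPv6
    return ip in flt.network and (flt.port == 0 or flt.port == port)


def policy_matches(src_filter: AddrFilter, dst_filter: AddrFilter,
                   pkt_src: str, pkt_src_port: int,
                   pkt_dst: str, pkt_dst_port: int,
                   direction: str) -> bool:
    """Return True if the policy's address filters select this packet.

    direction is "out" or "in". The policy's source filter names the local
    address, so for an inbound packet it is compared with the packet's
    destination fields, and the destination filter with the packet's source.
    """
    if direction == "out":
        return (_matches(src_filter, pkt_src, pkt_src_port)
                and _matches(dst_filter, pkt_dst, pkt_dst_port))
    if direction == "in":
        return (_matches(src_filter, pkt_dst, pkt_dst_port)
                and _matches(dst_filter, pkt_src, pkt_src_port))
    raise ValueError("direction must be 'in' or 'out'")
```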
ip_addr
The ip_addr is the source or destination IP address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The IP address type (IPv4
or IPv6) must be the same for the source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you
can use the double-colon (::) notation within a specified IPv6 address to
denote a number of zeros (0) within an address. The address cannot be a
broadcast, subnet broadcast, multicast, or anycast address.