HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPSec Policies
Chapter 374
ICMP
ICMPV6
IGMP
MH (Mobile IPv6 Mobility Headers)
ALL (any protocol)
The protocols ICMP and IGMP are valid with IPv4 addresses only. The
protocols ICMPV6 and MH are valid with IPv6 addresses only.
The
protocol_id
must be TCP or UDP if
port
is non-zero.
Default: ALL.
CAUTION Discarding or requiring ICMP messages (Internet Control Message
Protocol messages for IPv4; protocol value 1) to be encrypted or
authenticated may cause connectivity problems. See Appendix A, “IPv4
ICMP Messages” on page 282 for more information.
-priority
priority_number
The
priority_number
is the priority value HP-UX IPSec uses when
selecting a host IPSec policy (a lower priority value has a higher
priority). The priority must be unique for each host IPSec policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority
value that is set to the current highest priority value (lowest priority) for
host IPSec policies in the configuration data base, incremented by the
automatic priority increment value (priority) for host IPSec policies
specified in the HostPolicy-Defaults section of the profile file (this policy
will be the last policy evaluated before the default policy). The default
automatic priority increment value (priority) is 10.
If this is the first host IPSec policy created, ipsec_config uses the
automatic priority increment value as the priority.
-tunnel
tunnel_policy_name
If packets using this host IPSec policy will be tunneled and the local
system is one of the tunnel endpoints, use the tunnel argument to
specify the
tunnel_policy_name
, the name of the tunnel IPSec policy to
use with this host IPSec policy.