HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 1: Configuring Host IPSec Policies
Default: The value of the flags parameter in the HostPolicy-Defaults
section of the profile file used. The default flags value is NONE.
Host IPSec Policy Configuration Examples
The following batch file entry configures a host IPSec policy that
requires all traffic between 10.1.1.1 (the local system) and 10.5.5.5 to use
ESP with AES128 encryption and HMAC SHA-1 authentication:
add host apple_banana -source 10.1.1.1 \
-destination 10.5.5.5 -pri 20 -action ESP_AES128_HMAC_SHA1
The following batch file entry configures a host IPSec policy that
requires all outbound IPv4 rlogin sessions (where the local system is an
rlogin client) to use authenticated ESP, with AES128 encryption and
HMAC SHA-1 authentication. Because the entry omits the source
argument, the ipsec_config program uses the default source
argument value from the /var/adm/ipsec/.ipsec_profile file
(0.0.0.0/0/0 - the wildcard IPv4 address and any port). The destination
argument specifies the wildcard IPv4 address (0.0.0.0/0) and the service
name RLOGIN (port 513, protocol TCP).
add host rlogin_out -destination 0.0.0.0/0/RLOGIN \
-pri 100 -action ESP_AES128_HMAC_SHA1
The following batch file entry configures a host IPSec policy that
requires telnet requests (where the local system is the telnet server)
from subnet 10.0.0.0 to use authenticated ESP, with AES128 encryption
and HMAC SHA-1 authentication.
add host telnet_in -source 0.0.0.0/0/TELNET \
-destination 10.0.0.0/8 -pri 120 \
-action ESP_AES128_HMAC_SHA1
The following batch file entry configures a host IPSec policy for an
application that listens for requests on local TCP port 50000. The policy
requires all packets connecting to the application to use AH with HMAC
SHA-1 authentication.
add host my_app -source 0.0.0.0/0/50000 -protocol TCP \
-pri 140 -action AH_SHA1
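The following Python example is added here and is not part of the HP guide or of ipsec_config. It parses add host entries in the syntax shown above, applies the default source 0.0.0.0/0/0, resolves the RLOGIN and TELNET service names, and reports malformed address specifications before a batch file is loaded. Assumptions: a bare address means a single host (/32), TELNET is 23/TCP, an omitted destination is left unresolved because its default is not stated here, and the typo_app entry is constructed.

```python
import ipaddress
import shlex

# RLOGIN is defined in the text above; TELNET uses the standard 23/TCP assignment.
SERVICES = {"RLOGIN": (513, "TCP"), "TELNET": (23, "TCP")}
DEFAULT_SOURCE = "0.0.0.0/0/0"  # profile default quoted in the text above

def parse_addr(spec):
    """Validate addr[/prefix[/port-or-service]]; return (network, port, proto)."""
    addr, prefix, port = (spec.split("/", 2) + ["", ""])[:3]
    # Assumption: a bare address with no prefix means a single host (/32).
    net = ipaddress.IPv4Network(f"{addr}/{prefix or 32}", strict=False)
    if port.upper() in SERVICES:
        return (net, *SERVICES[port.upper()])
    port = int(port or 0)  # 0 means any port
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return net, port, None

def parse_batch(text):
    """Return ({name: policy}, {name: error}); destination is None when omitted."""
    policies, errors = {}, {}
    for line in text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["add", "host"] or len(tok) < 3:
            continue
        name, opts = tok[2], dict(zip(tok[3::2], tok[4::2]))
        try:
            src = parse_addr(opts.get("-source", DEFAULT_SOURCE))
            dst = parse_addr(opts["-destination"]) if "-destination" in opts else None
            proto = opts.get("-protocol") or src[2] or (dst[2] if dst else None)
            policies[name] = {"source": src[:2], "destination": dst and dst[:2],
                              "protocol": proto, "pri": opts.get("-pri"),
                              "action": opts.get("-action")}
        except ValueError as exc:
            errors[name] = f"{type(exc).__name__}: {exc}"
    return policies, errors

# Constructed sample: three entries in the syntax shown above plus one malformed address.
SAMPLE = r"""add host apple_banana -source 10.1.1.1 \
  -destination 10.5.5.5 -pri 20 -action ESP_AES128_HMAC_SHA1
add host rlogin_out -destination 0.0.0.0/0/RLOGIN \
  -pri 100 -action ESP_AES128_HMAC_SHA1
add host telnet_in -source 0.0.0.0/0/TELNET \
  -destination 10.0.0.0/8 -pri 120 -action ESP_AES128_HMAC_SHA1
add host typo_app -source 0.0.0.0.0/0/50000 -protocol TCP -pri 140 -action AH_SHA1
"""

if __name__ == "__main__":
    for item in parse_batch(SAMPLE): print(item)
```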
The local system (10.1.1.1) is using a host-to-host tunnel with system
10.2.2.2. The following batch file entry configures a host IPSec policy
that references the tunnel policy my_host_host_tunnel and specifies