HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPSec Policies
-source and -destination
ip_addr[/prefix[/port_number|service_name]]
HP-UX IPSec uses the ip_addr, prefix, and port_number or
service_name with the protocol argument to form an address
identifier. When negotiating an outbound IPSec tunnel SA, HP-UX
IPSec uses the source address identifier as the proxy source ID, and uses
the destination address identifier as the proxy destination ID. When
negotiating an inbound IPSec tunnel SA, HP-UX IPSec uses the
destination address identifier as the proxy source ID and the source
address identifier as the proxy destination ID. The proxy ID values must
exactly match the proxy ID values on the remote system.
If you are using manual keys with an IPv6 ESP, HP-UX IPSec also uses
the address identifier to verify the address fields in the original
(end-to-end) packet. For an outbound tunneled packet (the local address
is the source address in the tunnel packet header), HP-UX IPSec verifies
the source address identifier with the source address fields in the
original packet, and the destination address identifier with the
destination address fields in the original packet. For an inbound
tunneled packet (the local address is the destination address in the
tunnel packet header), HP-UX IPSec verifies the source address
identifier with the destination address fields in the original packet, and
the destination address identifier with the source address fields in the
original packet.
Default: If you do not specify ip_addr, prefix, and port_number or
service_name, ipsec_config uses the value of the source or
destination parameter in the TunnelPolicy-Defaults section of the
profile file used. The default value for source and
destination is 0.0.0.0/0/0 (match any IPv4 address, any port).
Where:
ip_addr
The ip_addr is the proxy (end system) source or destination IP
address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The IP address type (IPv4
or IPv6) must be the same for the source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you
can use the double-colon (::) notation within a specified IPv6 address to
denote a number of zeros (0) within an address. The address must be a
unicast address.
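
The following added example (not part of the HP guide and not HP-UX code) parses address identifiers in the ip_addr[/prefix[/port_number|service_name]] form and checks that the proxy IDs one system sends for an outbound tunnel SA equal the IDs its peer derives for the inbound SA. The function names, the small service table, the sample policies, the treatment of an omitted prefix as the full address length, and the field-by-field comparison used for "exactly match" are assumptions made for the example.

```python
import ipaddress

# Constructed service table for this example; a real host uses its services database.
SERVICES = {"telnet": 23, "http": 80}

def parse_address_id(text):
    """Parse ip_addr[/prefix[/port_number|service_name]] into (addr, prefix, port)."""
    parts = text.split("/")
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"bad address identifier: {text!r}")
    addr = ipaddress.ip_address(parts[0])
    if addr.version == 6 and addr.is_unspecified:
        raise ValueError("unspecified IPv6 addresses are not supported")
    if addr.is_multicast:
        raise ValueError("address must be unicast")
    # Assumption: an omitted prefix means the full address length (a single host).
    prefix = int(parts[1]) if len(parts) > 1 else addr.max_prefixlen
    if not 0 <= prefix <= addr.max_prefixlen:
        raise ValueError(f"bad prefix length: {prefix}")
    port = 0  # 0 matches any port, as in the 0.0.0.0/0/0 default
    if len(parts) == 3:
        name = parts[2].lower()
        port = int(name) if name.isdigit() else SERVICES.get(name, -1)
    if not 0 <= port <= 65535:
        raise ValueError(f"bad port or unknown service: {text!r}")
    return addr, prefix, port

def proxy_ids(source, destination, direction):
    """Return (proxy source ID, proxy destination ID) for a tunnel SA negotiation."""
    src, dst = parse_address_id(source), parse_address_id(destination)
    if src[0].version != dst[0].version:
        raise ValueError("source and destination must both be IPv4 or both IPv6")
    # Outbound: source -> proxy source ID. Inbound: the two identifiers swap roles.
    return (src, dst) if direction == "outbound" else (dst, src)

def peers_agree(local, remote):
    """True if the IDs the local policy sends outbound equal the remote's inbound IDs."""
    return proxy_ids(*local, "outbound") == proxy_ids(*remote, "inbound")

# Constructed sample policies: (source, destination) as each system would configure them.
LOCAL = ("10.1.0.0/16", "10.2.0.0/16/telnet")
REMOTE_OK = ("10.2.0.0/16/23", "10.1.0.0/16")
REMOTE_BAD = ("10.2.0.0/24/23", "10.1.0.0/16")

if __name__ == "__main__":
    print(peers_agree(LOCAL, REMOTE_OK))
    print(peers_agree(LOCAL, REMOTE_BAD))
```

REMOTE_BAD differs from the mirrored policy only in its prefix length, which is enough to make the proxy IDs disagree.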