HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPSec Policies
Chapter 384
prefix

The prefix is the prefix length, or the number of leading bits that must match when comparing the IP address in a packet with ip_addr.

For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in both addresses must match. This prefix length is equivalent to an address mask of 255.255.255.255. Use a value less than 32 to specify a subnet address filter.

For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in both addresses must match. Use a value less than 128 to specify a subnet address filter.

Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are using manual keys, prefix must be 32 if ip_addr is an IPv4 address or 128 if ip_addr is an IPv6 address.

Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a non-zero IPv6 address, or 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0). You must specify a prefix value if you specify a port or service name as part of the address filter.

port

The port is the upper-layer protocol (TCP or UDP) port number. Specify the upper-layer protocol with the protocol argument described below. The upper-layer protocol must be TCP or UDP if you specify a non-zero port number.

Acceptable Values: 0 - 65535. 0 indicates all ports.

NOTE: The port value must be 0 if the corresponding host policy (the host policy that references this tunnel policy) uses a transform (the corresponding host policy action is not PASS).

Default: 0 (all ports).
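
The prefix and port rules above can be checked before a filter is committed. The following Python sketch is an added example, not part of HP-UX IPSec or the ipsec_config utility; the function names and the manual_keys and host_action_pass parameters are hypothetical stand-ins for the policy settings described in this section.

```python
import ipaddress

def resolve_filter(ip_addr, prefix=None, port=0, protocol=None,
                   manual_keys=False, host_action_pass=True):
    """Apply the documented prefix/port rules; return (network, port).

    manual_keys and host_action_pass are hypothetical flags standing in
    for "using manual keys" and "host policy action is PASS".
    """
    addr = ipaddress.ip_address(ip_addr)
    full = addr.max_prefixlen              # 32 for IPv4, 128 for IPv6
    if prefix is None:
        if port != 0:
            raise ValueError("prefix must be given when a port is specified")
        # Default: 0 (match any) for an all-zeros address, else full length
        prefix = 0 if int(addr) == 0 else full
    if not 0 <= prefix <= full:
        raise ValueError(f"prefix out of range 0 - {full}")
    if manual_keys and prefix != full:
        raise ValueError(f"manual keys require prefix {full}")
    if not 0 <= port <= 65535:
        raise ValueError("port out of range 0 - 65535")
    if port != 0 and (protocol or "").upper() not in ("TCP", "UDP"):
        raise ValueError("non-zero port requires protocol TCP or UDP")
    if port != 0 and not host_action_pass:
        raise ValueError("port must be 0 when the host policy uses a transform")
    # strict=False clears the host bits, keeping only the leading bits to match
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), port

def matches(ip_filter, packet_addr, packet_port):
    """True if a packet's address and port fall inside the resolved filter."""
    network, port = ip_filter
    pkt = ipaddress.ip_address(packet_addr)
    if pkt.version != network.version:
        return False
    return pkt in network and port in (0, packet_port)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration
    subnet = resolve_filter("10.1.2.3", prefix=24, port=80, protocol="TCP")
    print(subnet, matches(subnet, "10.1.2.200", 80), matches(subnet, "10.1.3.1", 80))
    print(resolve_filter("0::0"), resolve_filter("10.1.2.3"))
```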

service_name

The service_name is a character string that specifies a network service. The ipsec_config utility will add a policy to the configuration database with the appropriate port number and protocol, as listed below. You cannot specify service_name and protocol in the same policy.

See Table 3-1, “ipsec_config Service Names,” on page 72 for a list of valid service names.