Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
81828384858687888990
Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPSec Policies
Chapter 3 85
-protocol
protocol_id
The
protocol
is the value or name of the upper-layer protocol that
HP-UX IPSec uses in the address filter to select an IPSec policy for a
packet. You cannot specify protocol and
service_name
in the same
policy.
Specifying ICMPV6 affects only the following ICMPv6 messages: Echo
Request, Echo Reply, Mobile Prefix Solicitation, Mobile Prefix
Advertisement.
To ensure proper operation of IPv6 networks, HP-UX IPSec always
allows all ICMPv6 messages not listed above to pass in clear text
Acceptable Values: Integer value 0 (any protocol) - 255, or one of the
following protocol names:
TCP
UDP
ICMP
ICMPV6
IGMP
MH (Mobile IPv6 Mobility Headers)
ALL (any protocol)
The protocols ICMP and IGMP are valid with IPv4 addresses only. The
protocols ICMPV6 and MH are valid with IPv6 addresses only.
NOTE The protocol value must be ALL or 0 if the corresponding host policy (the
host policy that references this tunnel policy) uses a transform (the host
policy action is not PASS).
Default: ALL.
CAUTION Discarding or requiring ICMP messages (Internet Control Message
Protocol messages for IPv4; protocol value 1) to be encrypted or
authenticated may cause connectivity problems. See Appendix A, “IPv4
ICMP Messages” on page 282 for more information.