HP-UX IPSec version A.02.00 manpages

ipsec_config(1M) ipsec_config(1M)
FTP-DATA 20 TCP
FTP-CONTROL 21 TCP
HTTP-TCP 80 TCP
HTTP-UDP 80 UDP
NTP 123 UDP
REXEC 512 TCP
RLOGIN 513 TCP
RWHO 513 UDP
REMSH 514 TCP
REMPRINT 515 TCP
SMTP 25 TCP
TELNET 23 TCP
TFTP 69 UDP
-prot[ocol] protocol_id
Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the
address filter to select an IPSec policy for a packet. You cannot specify the -protocol
argument and a service_name in the same policy.
Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following
protocol names: TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), ALL (any
protocol).
protocol_id must be TCP or UDP if port_number is specified and is not zero.
ICMPV6: Specifying ICMPV6 affects only the following ICMPv6 messages: Echo Request, Echo Reply,
Mobile Prefix Solicitation, Mobile Prefix Advertisement.
To ensure proper operation of IPv6 networks, HP-UX IPSec always allows all ICMPv6 messages
not listed above to pass in clear text.
CAUTION: Discarding or requiring ICMP messages (Internet Control Message Protocol messages
for IPv4; protocol value 1) to be encrypted or authenticated may cause connectivity problems.
Default: If you do not specify protocol_id, ipsec_config uses the value of the protocol
parameter in the GWPolicy-Defaults section of the profile file used. The default value for
protocol is ALL in /var/adm/ipsec/.ipsec_profile.
-pri[ority] priority_number
Specifies the priority value HP-UX IPSec will use when selecting a gateway IPSec policy. (A
lower priority value has a higher priority.) The priority must be unique for each gateway
IPSec policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set
to the current highest priority value (lowest priority) for gateway IPSec policies in the
configuration data base, incremented by the automatic priority increment value (priority) for
gateway IPSec policies specified in the GWPolicy-Defaults section of the profile file used.
(This policy will be the last policy evaluated before the default policy.) The default automatic
priority increment value (priority) is 10 in /var/adm/ipsec/.ipsec_profile.
If this is the first gateway IPSec policy created, ipsec_config uses the automatic priority
increment value as the priority.
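
The -protocol and -priority rules described above, modelled in Python as an added example. This is not HP code and not part of ipsec_config; check_protocol, GatewayPolicyDB and the policy names in it are hypothetical, and it assumes only the names TCP and UDP (not numeric values) satisfy the port_number rule.

```python
# Added illustration of the -protocol and -priority rules; not HP-UX IPSec code.
# check_protocol, GatewayPolicyDB and all policy names are hypothetical.

PROTOCOL_NAMES = {"TCP", "UDP", "ICMP", "ICMPV6", "IGMP", "MH", "ALL"}
PRIORITY_MAX = 2147483647


def check_protocol(protocol_id, port_number=0, service_name=None):
    """Return a list of rule violations for a -protocol argument."""
    errors = []
    if protocol_id is not None and service_name is not None:
        errors.append("-protocol and a service_name cannot be combined")
    if isinstance(protocol_id, int):
        if not 0 <= protocol_id <= 255:
            errors.append("protocol value must be in the range 0-255")
    elif protocol_id is not None and protocol_id.upper() not in PROTOCOL_NAMES:
        errors.append(f"unknown protocol name {protocol_id!r}")
    # Assumption: only the names TCP/UDP are accepted with a non-zero port;
    # the manpage does not say whether numeric protocol values qualify.
    if port_number and str(protocol_id).upper() not in ("TCP", "UDP"):
        errors.append("a non-zero port_number requires TCP or UDP")
    return errors


class GatewayPolicyDB:
    """In-memory stand-in for the gateway policies in the configuration data base."""

    def __init__(self, increment=10):  # 10 is the profile default stated above
        self.increment = increment
        self.policies = {}  # priority value -> policy name

    def add_policy(self, name, priority=None):
        if priority is None:
            # Current highest value (lowest priority) plus the increment;
            # for the first policy this is the increment itself.
            priority = max(self.policies, default=0) + self.increment
        if not 1 <= priority <= PRIORITY_MAX:
            raise ValueError("priority must be in the range 1-2147483647")
        if priority in self.policies:
            raise ValueError(f"priority {priority} is already used by {self.policies[priority]}")
        self.policies[priority] = name
        return priority

    def evaluation_order(self):
        """Policy names, lowest priority value (highest priority) first."""
        return [self.policies[p] for p in sorted(self.policies)]
```
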
-tunnel tunnel_policy_name
The name of the tunnel IPSec policy that defines the IPSec tunnel that the local system will
use when forwarding packets that use this policy (the tunnel between the local system and the
destination address).
You must specify -action FORWARD if you specify the -tunnel argument.
-act[ion] FORWARD|FW|DISCARD
Specifies the action HP-UX IPSec will perform on outbound packets (packets from the local
system to the destination address) using this policy.
You can specify the following actions:
12 Hewlett-Packard Company 8 HP-UX IPSec A.02.00