HP-UX IPSec version A.02.00 manpages

ipsec_config(1M) ipsec_config(1M)
FTP-CONTROL 21 TCP
HTTP-TCP 80 TCP
HTTP-UDP 80 UDP
NTP 123 UDP
REXEC 512 TCP
RLOGIN 513 TCP
RWHO 513 UDP
REMSH 514 TCP
REMPRINT 515 TCP
SMTP 25 TCP
TELNET 23 TCP
TFTP 69 UDP
-prot[ocol] protocol_id
Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the
address filter to select an IPSec policy for a packet. You cannot specify the -protocol
argument and a service_name in the same policy.

Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following
protocol names: TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), ALL (any
protocol).

protocol_id must be TCP or UDP if port_number is specified and is not zero.

ICMPV6: Specifying ICMPV6 affects only the following ICMPv6 messages: Echo Request, Echo
Reply, Mobile Prefix Solicitation, Mobile Prefix Advertisement.

To ensure proper operation of IPv6 networks, HP-UX IPSec always allows all ICMPv6 messages
not listed above to pass in cleartext.

CAUTION: Discarding or requiring ICMP messages (Internet Control Message Protocol messages
for IPv4; protocol value 1) to be encrypted or authenticated may cause connectivity problems.

Default: If you do not specify protocol_id, ipsec_config uses the value of the protocol
parameter in the HostPolicy-Defaults section of the profile file used. The default value
for protocol is ALL in /var/adm/ipsec/.ipsec_profile.

-pri[ority] priority_number
The priority value HP-UX IPSec will use when selecting a host IPSec policy (a lower priority
value has a higher priority). The priority must be unique for each host IPSec policy.

Range: 1 - 2147483647.

Default: If you do not specify a priority, ipsec_config assigns a priority value that is set
to the current highest priority value (lowest priority) for host IPSec policies in the
configuration database, incremented by the automatic priority increment value (priority) for
host IPSec policies specified in the HostPolicy-Defaults section of the profile file used
(this policy will be the last policy evaluated before the default policy). The default automatic
priority increment value (priority) is 10 in /var/adm/ipsec/.ipsec_profile.

If this is the first host IPSec policy created, ipsec_config uses the automatic priority
increment value as the priority.

-tunnel tunnel_policy_name
If packets using this host IPSec policy will be tunneled and the local system is one of the
tunnel endpoints, enter the name of the tunnel IPSec policy to use with this host IPSec policy.

The value for the -action argument cannot be DISCARD if you specify the -tunnel argument,
and must be PASS if this is an end host in a host-to-host tunnel topology.

-act[ion] PASS|DISC[ARD]|transform_list
Specifies the action HP-UX IPSec will perform on packets using this policy.

The action cannot be DISCARD if you specify the -tunnel argument, and must be PASS if this
is an end host in a host-to-host tunnel topology.

Default: The action defined for the action parameter in the HostPolicy-Defaults section of
the profile file used. The default definition for action is DISCARD in
/var/adm/ipsec/.ipsec_profile.
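
The argument rules above (-protocol versus service_name, the port and protocol restriction, the
priority range, uniqueness and default, and the -tunnel/-action restriction) can be checked
before a policy is entered. The following Python model is an added example, not part of the
HP-UX manpage or of ipsec_config; the function names, the dict keys and the acceptance of
protocol numbers 6 and 17 as TCP and UDP are assumptions made for illustration.

```python
MAX_PRIORITY = 2147483647
PROTOCOL_NAMES = {"TCP", "UDP", "ICMP", "ICMPV6", "IGMP", "MH", "ALL"}
# Defaults the manpage gives for /var/adm/ipsec/.ipsec_profile
DEFAULTS = {"protocol": "ALL", "action": "DISCARD", "priority_increment": 10}
# Assumption: IANA numbers 6 and 17 count as TCP and UDP for the port rule
PORT_PROTOCOLS = {"TCP", "UDP", 6, 17}


def next_priority(existing, increment=DEFAULTS["priority_increment"]):
    """Highest existing value plus the increment; the increment alone for the first policy."""
    return max(existing) + increment if existing else increment


def check_host_policy(args, existing_priorities):
    """Resolve defaults for a dict of host policy arguments; return (resolved, errors)."""
    errors, p = [], dict(args)
    if "protocol" in p and "service_name" in p:
        errors.append("-protocol and a service_name cannot be used in the same policy")
    if "service_name" not in p:
        p.setdefault("protocol", DEFAULTS["protocol"])
        proto = p["protocol"]
        if isinstance(proto, str):
            proto = p["protocol"] = proto.upper()
            if proto not in PROTOCOL_NAMES:
                errors.append(f"unknown protocol name {proto}")
        elif not 0 <= proto <= 255:
            errors.append("protocol number must be in the range 0 - 255")
        if p.get("port_number", 0) != 0 and proto not in PORT_PROTOCOLS:
            errors.append("a non-zero port_number requires protocol TCP or UDP")
    p.setdefault("priority", next_priority(existing_priorities))
    if not 1 <= p["priority"] <= MAX_PRIORITY:
        errors.append("priority must be in the range 1 - 2147483647")
    elif p["priority"] in existing_priorities:
        errors.append("priority must be unique for each host IPSec policy")
    p.setdefault("action", DEFAULTS["action"])
    if "tunnel" in p and p["action"].upper() in ("DISC", "DISCARD"):
        errors.append("action cannot be DISCARD when -tunnel is specified")
    return p, errors


if __name__ == "__main__":
    # Constructed sample: priorities 10 and 20 already exist; -tunnel given without -action
    resolved, problems = check_host_policy({"tunnel": "t1"}, [10, 20])
    print(resolved)   # protocol, priority and action filled in from the defaults
    print(problems)   # the resolved default action DISCARD conflicts with -tunnel
```

In this model, a policy that names a tunnel but omits -action resolves to the profile default DISCARD and is flagged, so the action has to be given explicitly in that case.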
16 Hewlett-Packard Company 12 HP-UX IPSec A.02.00