HP-UX IPSec version A.02.00 manpages
ipsec_config(1M) ipsec_config(1M)
Default: 0x0000000000000000.
Examples
Configure a host IPSec policy that requires all outbound rlogin sessions (where the local system is an
rlogin client) to use authenticated ESP, with AES128 encryption and HMAC SHA-1 authentication.
ipsec_config add host rlogin_out -destination 0.0.0.0/0/RLOGIN \
-pri 100 -action ESP_AES128_HMAC_SHA1
Configure a host IPSec policy that requires all telnet requests (where the local system is the telnet server)
from subnet 10.0.0.0 to use authenticated ESP, with AES128 encryption and HMAC SHA-1 authentication.
ipsec_config add host telnet_in -source 0.0.0.0/0/TELNET \
-destination 10.0.0.0/8 \
-pri 110 -action ESP_AES128_HMAC_SHA1
Configure a host IPSec policy for an application that listens for requests on local TCP port 50000.
The policy requires all packets connecting to the application to use AH with HMAC SHA-1 authentication.
ipsec_config add host my_app -source 0.0.0.0/0/50000 \
-protocol TCP -pri 140 -action AH_SHA1
The local system (10.1.1.1) is using a host-to-host tunnel with system 10.2.2.2. Configure a host
IPSec policy that references the tunnel policy my_host_host_tunnel and specifies clear text (no
transform) for the transport (end-to-end) transform. The command used to configure the tunnel
my_host_host_tunnel is listed in the examples for the ipsec_config add tunnel command.
ipsec_config add host to_orange -source 10.1.1.1 \
-destination 10.2.2.2 -tunnel my_host_host_tunnel -action pass
Configure a host IPSec policy that uses manual keys for ESP AES128 encryption for all packets between
local address 10.1.1.1 and remote address 10.2.2.2.
ipsec_config add host mkey_10.2.2.2 -source 10.1.1.1 \
-destination 10.2.2.2 \
-pri 160 -action ESP_AES128 \
-in ESP/2500001/0x12345678901234567890123456789012/\
0x1234567890123456 \
-out ESP/2500002/0x01234567890123456789012345678901/\
0x0123456789012345
Configure a host IPSec policy that uses manual keys for nested AH MD5 and ESP AES128 for all packets
between local address 10.1.1.1 and remote address 10.2.2.2.
ipsec_config add host mkey_10.2.2.2 -source 10.1.1.1 \
-destination 10.2.2.2 \
-pri 160 -action AH_MD5+ESP_AES128 \
-in AH/2500003/0x0123456789abcedf0123456789abcdef \
-in ESP/2500004/0x01234567890123456789012345678901/\
0x0123456789012345 \
-out AH/2500005/0x123456789abcedf0123456789abcdef0 \
-out ESP/2500006/0x12345678901234567890123456789012/\
0x0123456789012345
The local system (3ffe::83ff:fef7:1111) is a Mobile IPv6 Home Agent for the Mobile Node
3ffe::83ff:fef7:2222. Configure a host IPSec policy that uses manual keys for authenticated ESP, with
AES128 encryption and HMAC SHA-1 authentication for all Mobile IPv6 protocol packets (protocol MH)
between the local system and the Mobile Node.
ipsec_config add host my_mipv6_mn -source 3ffe::83ff:fef7:1111 \
-destination 3ffe::83ff:fef7:2222 \
-proto MH \
-pri 200 -action ESP_AES128_HMAC_SHA1 -flags MIPV6 \
-in ESP/2500007/0x1234567890123456789012345678901234567890\
/0x12345678901234567890123456789012/0x1234567890123456 \
-out ESP/2500008/0x0123456789012345678901234567890123456789\
/0x01234567890123456789012345678901/0x0123456789012345
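Added example (not part of the HP manpage or HP-UX IPSec): a shell check that the key fields of a manual-key -in/-out specification have the length the -action transform needs, for the transforms used in the manual-key examples above. The field order after the SPI is an assumption inferred from those examples, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not HP code): lint one manual-key SA spec against -action.
# Assumption: fields after the SPI are [auth key/]encryption key[/trailing],
# as inferred from the examples on this page. Key sizes are the standard ones:
# HMAC-MD5 128 bits, HMAC-SHA-1 160 bits, AES128 128 bits.

hexlen() {   # print hex-digit count of a 0x-prefixed value, or -1 if malformed
    case $1 in 0x*) h=${1#0x} ;; *) printf '%s\n' -1; return ;; esac
    case $h in
        ''|*[!0-9a-fA-F]*) printf '%s\n' -1 ;;
        *) printf '%s\n' "${#h}" ;;
    esac
}

check_sa() {   # check_sa ACTION SPEC -> 0 ok, 1 mismatch, 2 unknown transform
    action=$1; spec=$2; proto=${spec%%/*}; xform=
    oldifs=$IFS; IFS=+          # nested actions look like AH_MD5+ESP_AES128
    for t in $action; do case $t in "$proto"_*) xform=$t ;; esac; done
    IFS=$oldifs
    case $xform in              # expected hex digits per key field, in order
        AH_MD5)               want="32" ;;
        AH_SHA1)              want="40" ;;
        ESP_AES128)           want="32" ;;
        ESP_AES128_HMAC_SHA1) want="40 32" ;;
        *) echo "no known $proto transform in $action"; return 2 ;;
    esac
    rest=${spec#*/}; spi=${rest%%/*}
    case $spi in ''|*[!0-9]*) echo "bad SPI '$spi'"; return 1 ;; esac
    oldifs=$IFS; IFS=/
    set -- ${rest#*/}           # positional params = fields after the SPI
    IFS=$oldifs
    for w in $want; do
        [ $# -gt 0 ] || { echo "$xform: key field missing"; return 1; }
        n=$(hexlen "$1")
        [ "$n" -eq "$w" ] || { echo "$xform: $n hex digits, want $w"; return 1; }
        shift
    done
    # One trailing field is allowed; this excerpt does not define it, so it is
    # only checked for being well-formed hex.
    [ $# -le 1 ] || { echo "$xform: too many fields"; return 1; }
    [ $# -eq 0 ] || [ "$(hexlen "$1")" -gt 0 ] || { echo "bad trailing field"; return 1; }
    return 0
}
```

Pass each specification with its line continuations already joined, for example check_sa ESP_AES128 ESP/2500001/0x.../0x... ; a non-zero return means the policy should not be loaded as written.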
20 Hewlett-Packard Company − 16 − HP-UX IPSec A.02.00