HP-UX IPSec version A.02.00 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg(1M) ipsec_conﬁg(1M)

notation within a speciﬁed IPv6 address to denote a number of zeros (0) within an

address. The address cannot be a broadcast, subnet broadcast, multicast, or any-

cast address.

prefix

Speciﬁes the preﬁx length, or the number of leading bits that must match when

comparing the IP address of a packet with ip_addr.

For IPv4 addresses, a preﬁx length of 32 bits indicates that all the bits in both

addresses must match. Use a value less than 32 to specify a subnet address ﬁlter.

For IPv6 addresses, a preﬁx length of 128 bits indicates that all the bits in both

addresses must match. Use a value less than 128 to specify a subnet address ﬁlter.

Type Range De faul t

IPv4 0 - 32 32 (0 if address is all-zeros)

IPv6 0 - 128 128 (0 if address is all-zeros)

The default is 0 (match any address) if ip_addr is an all-zeros address (

0.0.0.0

0::0). You must specify preﬁx if you specify port_number or service_name .

port_number

port is the upper-layer protocol (TCP or UDP) port number. Specify the upper-layer

protocol with the

-protocol

argument described below.

Acceptable values: 0 - 65535. 0 indicates all ports. The value of the

-proto-

col

argument must be

TCP or UDP if port is not zero.

The port must be 0 if the corresponding host policy the host policy that references

this tunnel policy) uses a transform (the corresponding host policy action is not

PASS

Default: 0 (all ports).

service_name

A character string that speciﬁes a network service. The

ipsec_config

utility

adds a policy to the conﬁguration database with the appropriate port number and

protocol, as listed below. You cannot specify service_name and the -protocol

argument in the same policy.

service_name Port Protocol

DNS-TCP 53 TCP

DNS-UDP 53 UDP

FTP-DATA 20 TCP

FTP-CONTROL 21 TCP

HTTP-TCP 80 TCP

HTTP-UDP 80 UDP

NTP 123 UDP

REXEC 512 TCP

RLOGIN 513 TCP

RWHO 513 UDP

REMSH 514 TCP

REMPRINT 515 TCP

SMTP 25 TCP

TELNET 23 TCP

TFTP 69 UDP

-prot[ocol] protocol _i d

Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the

address ﬁlter to select an IPSec policy for a packet. You cannot specify the -protocol argu-

ment and a service_name in the address ﬁlter in the same policy.

Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following

protocol names:

TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), ALL

(any protocol). ICMP and IGMP are valid only with IPv4 addresses. ICMPV6 and MH are valid

only with IPv6 addresses.

HP-UX IPSec A.02.00 − 23 − Hewlett-Packard Company 27