HP-UX IPSec version A.02.00 manpages

ipsec_admin(1M) ipsec_admin(1M)
(HP-UX IPSec Software Required)
-spi_min spi_min_value
Specifies the lower bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: None.
-spi_max spi_max_value
Specifies the upper bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: None.
-spd_soft spd_soft_limit
Specifies the "soft" limit for the size of the Security Policy Database (SPD). The SPD is the
HP-UX IPSec runtime policy database, with cached policy decisions for packet descriptors
(five-tuples consisting of exact, non-wildcard source IP address, destination IP address, protocol,
source port, and destination port).
When the size of the SPD exceeds the soft limit, HP-UX IPSec logs a warning message to the
system console, and logs an additional warning message to the system console for each 1000
SPD entries added.
The spd_soft_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: None.
-spd_hard spd_hard_limit
Specifies the "hard" limit for the size of the Security Policy Database (SPD).
When the size of the SPD exceeds the hard limit, HP-UX IPSec stops adding new cache
entries, and discards any packets that do not match existing entries.
The spd_hard_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: None.
-flushsa|fa
Allows the user to flush all the ISAKMP/Main Mode SAs and IPSec/Quick Mode SAs. You can
also use this option to clear the SA database without restarting HP-UX IPSec.
This option is automatically executed when you execute the -stop option.
-flushp|fp
Allows the user to flush the Security Policy database kept by the Policy daemon and the kernel
policy engine without restarting HP-UX IPSec.
This option is automatically executed when you execute the -stop option.
-deletesa|da remote_ip_address
Allows the user to delete the ISAKMP/Main Mode SA and IPSec SAs for a given
remote_ip_address. remote_ip_address must be in dotted-decimal notation for IPv4 addresses
or colon-hexadecimal notation for IPv6 addresses.
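The following pre-flight check is an added example, not part of the HP manpage. It validates -spi_min/-spi_max and -spd_soft/-spd_hard values against the ranges documented above before they are passed to ipsec_admin. The function names and the ordering checks (spi_min not above spi_max, spd_soft below spd_hard) are assumptions of this example, and the sample values are constructed.

```shell
# Added example. Ranges are from the manpage; the min<=max and soft<hard checks
# are assumptions. Needs a shell with 64-bit arithmetic (e.g. bash).
SPI_LO=1; SPI_HI=4294967295          # 0x1 - 0xFFFFFFFF
SPD_LO=1; SPD_HI=1000000; SPD_UNIT=1000

# spi_to_dec VALUE: print a decimal or 0x-prefixed hex SPI as decimal, or fail.
spi_to_dec() {
    case "$1" in
        0[xX]*) hex=${1#0[xX]}
                case "$hex" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
                [ "${#hex}" -le 8 ] || return 1      # cannot exceed 0xFFFFFFFF
                val=$((0x$hex)) ;;
        [1-9]*) case "$1" in *[!0-9]*) return 1 ;; esac
                [ "${#1}" -le 10 ] || return 1       # avoid arithmetic overflow
                val=$1 ;;
        *)      return 1 ;;                          # empty, 0-led or signed
    esac
    [ "$val" -ge "$SPI_LO" ] && [ "$val" -le "$SPI_HI" ] || return 1
    echo "$val"
}

# check_spi_range MIN MAX: print how many SPIs the inbound dynamic range holds.
check_spi_range() {
    lo=$(spi_to_dec "$1") || { echo "bad spi_min: $1" >&2; return 1; }
    hi=$(spi_to_dec "$2") || { echo "bad spi_max: $2" >&2; return 1; }
    [ "$lo" -le "$hi" ] || { echo "spi_min exceeds spi_max" >&2; return 1; }
    echo "$((hi - lo + 1))"
}

# spd_entries UNITS: convert a limit in units of 1000 entries to an entry count.
spd_entries() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 7 ] || return 1
    [ "$1" -ge "$SPD_LO" ] && [ "$1" -le "$SPD_HI" ] || return 1
    echo "$(($1 * SPD_UNIT))"
}

# check_spd_limits SOFT HARD: print "soft hard headroom" in entries. Headroom is
# the growth between the first warning and the point where new packets drop.
check_spd_limits() {
    soft=$(spd_entries "$1") || { echo "bad spd_soft: $1" >&2; return 1; }
    hard=$(spd_entries "$2") || { echo "bad spd_hard: $2" >&2; return 1; }
    [ "$soft" -lt "$hard" ] || { echo "spd_soft not below spd_hard" >&2; return 1; }
    echo "$soft $hard $((hard - soft))"
}

# Constructed sample values, not from a real configuration.
check_spi_range 0x1000 0x1FFF
check_spd_limits 50 100
```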
RETURN VALUE
Upon successful completion, ipsec_admin returns 0; otherwise it returns 1.
ERRORS
ipsec_admin fails if any of the following conditions is encountered:
Command used incorrectly - Usage message is returned.
Incorrect HP-UX IPSec password - returns the following message:
IPSEC_ADMIN: ALERT-Security violation: Password entered is
incorrect!
HP-UX IPSec A.02.00 Hewlett-Packard Company