HP-UX IPSec version A.02.00 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg(1M) ipsec_conﬁg(1M)

ipsec_config add tunnel my_mipv6_tunnel \

-tsource 3ffe::83ff:fef7:1111 -tdestination 3ffe::83ff:fef7:2222 \

-source 0::0 -destination 3ffe::83ff:fef7:2222 \

-protocol MH \

-action ESP_AES128_HMAC_SHA1 \

-in ESP/2500010/0x1234567890123456789012345678901234567890\

/0x12345678901234567890123456789012/0x1234567890123456 \

-out ESP/2500011/0x0123456789012345678901234567890123456789\

/0x01234567890123456789012345678901/0x0123456789012345

IPSEC_CONFIG COMMAND

Name

batch - allows for processing of IPSec conﬁg operations in a single batch ﬁle

Synopsis

ipsec_config batch

batch_ﬁle_name [

-nocommit

][

-pro

[

file] proﬁle_ﬁle]

Description

The

ipsec_config batch

command allows you to specify multiple

ipsec_config add

and

ipsec_config delete

operations in a single batch ﬁle for processing. HP-UX IPSec processes the

operations in a batch ﬁle as a group. This mode is useful if you are adding or deleting conﬁguration

records that may affect other records.

If one operation is invalid, all operations in the batch ﬁle fail. The

ipsec_config

utility ﬁrst veriﬁes

each operation in the batch ﬁle for syntax errors and collisions (object names and priority values) with

existing entries in the conﬁguration database. If all operations in the batch ﬁle are valid, the HP-UX

IPSec infrastructure updates the conﬁguration database with all operations at the same time. If HP-UX

IPSec is active and running, the HP-UX IPSec infrastructure also updates the runtime policy database.

Options and Operands

The batch operation recognizes the following options and operands:

batch_file_name

The name of the batch ﬁle containing

ipsec_config add and

ipsec_config delete

operations.

Lines starting with a pound sign (

) are interpreted as comments. Comment lines within an

operation are not allowed.

A batch ﬁle cannot contain

ipsec_config batch

commands (ipsec_config

does not

allow recursive batch ﬁles) or

ipsec_config show

commands.

Maximum length: 1023 characters.

Default: None.

-nocommit|nc

The ipsec_config utility veriﬁes the

ipsec_config add and ipsec_config

delete

operations, but does not add or delete entries in the conﬁguration database. This

option applies to all operations in the batch ﬁle. Individual operations in the batch ﬁle cannot

specify the -nocommit

option.

-pro[

file] profile_name

Speciﬁes the name of the proﬁle ﬁle containing default argument values for this policy. The

argument values are evaluated once, when the policy is added to the conﬁguration database.

Values used from the proﬁle ﬁle become part of the conﬁguration record for the policy.

This argument applies to all operations in the batch ﬁle. Individual operations in the batch

ﬁle cannot specify the proﬁle argument.

Maximum length: 1023 characters.

Default:

/var/adm/ipsec/.ipsec_profile.

Examples

ipsec_config -batch /var/adm/ipsec/mybatch

The ﬁle /var/adm/ipsec/mybatch contains the following entries:

HP-UX IPSec A.02.00 − 27 − Hewlett-Packard Company 31