HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Using ipsec_config
Chapter 4
You can specify a profile file name with the -profile argument as part
of an ipsec_config command. By default, ipsec_config uses the
/var/adm/ipsec/.ipsec_profile profile file, which is shipped with
HP-UX IPSec. In most topologies, you can use the default values
supplied in the /var/adm/ipsec/.ipsec_profile file.

HP-UX IPSec also has internal default values that are the same as the
values in the /var/adm/ipsec/.ipsec_profile file shipped with the
product. If the /var/adm/ipsec/.ipsec_profile file does not exist and
the user does not specify an alternate profile file, HP-UX IPSec uses its
internal default values.

Using a Profile File with a Batch File

You can specify the profile argument as part of the ipsec_config
batch command line and ipsec_config will apply it to all entries in the
batch file. The profile argument is illegal inside batch files (you cannot
specify the profile argument as part of a statement inside a batch file).
Refer to the ipsec_config_batch (1M) manpage for more information.

Profile File Structure

The profile file is separated into sections that contain default parameter
values for different configuration objects. For example, the
HostPolicy-Defaults section contains defaults for host IPsec policies,
which are created using the ipsec_config add host command. Each
section is delimited by BEGIN and END statements.

Creating a Customized Profile File

In most topologies, you can use the default values in
/var/adm/ipsec/.ipsec_profile. If you want to create a customized
profile file, make a copy of the /var/adm/ipsec/.ipsec_profile file and edit
the copy with a text editor.
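
When reviewing a customized copy, it helps to see exactly which defaults differ from the shipped file, section by section. The Python script below is an added example, not part of the HP guide or the product. It assumes a section opens with "BEGIN <section-name>", closes with a line starting with "END", and that lines starting with "#" are comments; the Example-Defaults section and all parameter lines are constructed sample text.

```python
# Added example: section-aware comparison of two profile files.
# Assumed layout: "BEGIN <section-name>" opens a section, a line starting
# with "END" closes it, and lines starting with "#" are comments.

def parse_profile(text):
    """Return {section name: [parameter lines]}; raise ValueError if malformed."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "BEGIN":
            if current is not None or len(words) < 2 or words[1] in sections:
                raise ValueError(f"line {lineno}: bad BEGIN statement")
            current = words[1]
            sections[current] = []
        elif current is None:
            raise ValueError(f"line {lineno}: statement outside a section")
        elif words[0] == "END":
            current = None
        else:
            sections[current].append(" ".join(words))  # normalise whitespace
    if current is not None:
        raise ValueError(f"section {current} has no END statement")
    return sections

def changed_defaults(shipped_text, custom_text):
    """Return {section: (lines only in shipped, lines only in custom)}."""
    shipped, custom = parse_profile(shipped_text), parse_profile(custom_text)
    report = {}
    for name in sorted(set(shipped) | set(custom)):
        old, new = shipped.get(name, []), custom.get(name, [])
        removed = [line for line in old if line not in new]
        added = [line for line in new if line not in old]
        if removed or added:
            report[name] = (removed, added)
    return report

# Constructed sample text, not the contents of the shipped profile file.
SHIPPED = """\
BEGIN HostPolicy-Defaults
  source SHIPPED-VALUE
END HostPolicy-Defaults
BEGIN Example-Defaults
  example-parameter 1
END Example-Defaults
"""
CUSTOM = SHIPPED.replace("SHIPPED-VALUE", "2001:db8::10")

if __name__ == "__main__":
    for section, (removed, added) in changed_defaults(SHIPPED, CUSTOM).items():
        print(section, "shipped:", removed, "custom:", added)
```

An unterminated or nested section raises ValueError, so a copy damaged during editing is caught before it is passed to ipsec_config.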

You may want to create a customized profile file to change the default
source address parameter (source parameter) in the following
topologies:
• IPv6 networks
• Multihomed nodes with private interfaces