HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Automatic Priority Increment
There are two ways to set the priority of a host policy:
• Specify the priority argument to explicitly set the priority.
• Omit the priority argument and have ipsec_config assign a
priority using the automatic priority increment value, so that the new
policy is the last policy evaluated before the default policy.
If you omit the priority argument, ipsec_config takes the current
highest priority value for host policies in the configuration database
(that is, the value of the lowest-priority policy) and adds the
automatic priority increment value for host policies. The result is that
the new policy will be the last host policy evaluated before the default
policy. The automatic priority increment value for host policies is the
priority parameter value in the HostPolicy-Defaults section of the
profile file, and the default value is 10.
If you are configuring the first host IPsec policy and do not specify a
priority argument, ipsec_config assigns the automatic priority
increment value as the priority.
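The following Python model is an added example, not code from the HP guide or from ipsec_config: it reproduces the automatic priority rule described above and flags an auto-prioritized policy that an earlier, broader policy would make unreachable. The first-match evaluation, the address-only comparison (ports and protocols ignored), and all policy names and addresses are assumptions constructed for illustration.

```python
import ipaddress

AUTO_INCREMENT = 10  # the guide's default for "priority" in HostPolicy-Defaults

def next_priority(policies, increment=AUTO_INCREMENT):
    """Priority assigned when the priority argument is omitted."""
    if not policies:              # first host policy: the increment itself
        return increment
    return max(p["priority"] for p in policies) + increment

def add_host(policies, name, source, destination, action, priority=None):
    """Model of an 'add host' operation; returns the priority the policy got."""
    if priority is None:
        priority = next_priority(policies)
    policies.append({"name": name, "priority": priority, "action": action,
                     "src": ipaddress.ip_network(source),
                     "dst": ipaddress.ip_network(destination)})
    return priority

def evaluation_order(policies):
    """A lower priority number is evaluated earlier."""
    return [p["name"] for p in sorted(policies, key=lambda p: p["priority"])]

def shadowed_by(policies, name):
    """Earlier policies with a different action covering all of `name`'s addresses.
    Assumption: first match wins; ports and protocols are not modelled."""
    new = next(p for p in policies if p["name"] == name)
    return [p["name"] for p in sorted(policies, key=lambda p: p["priority"])
            if p["priority"] < new["priority"]
            and p["action"] != new["action"]
            and new["src"].subnet_of(p["src"])
            and new["dst"].subnet_of(p["dst"])]

def demo():
    """Constructed sample configuration (hypothetical names and addresses)."""
    policies = []
    add_host(policies, "lan_pass", "10.0.0.0/8", "10.1.1.5/32", "PASS")         # gets 10
    add_host(policies, "mgmt_pass", "10.9.0.0/16", "10.1.1.5/32", "PASS", 35)   # explicit
    add_host(policies, "lab_block", "10.20.30.0/24", "10.1.1.5/32", "DISCARD")  # gets 45
    return policies

if __name__ == "__main__":
    cfg = demo()
    print(evaluation_order(cfg))
    print("lab_block shadowed by:", shadowed_by(cfg, "lab_block"))
```

In this model the DISCARD policy added without a priority lands at 45, behind the broader PASS policy at 10, so it needs an explicit priority lower than 10 to take effect.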
ipsec_config add host Syntax
If you are not using manual keys, you can use the following
ipsec_config add host syntax in most installations:
    ipsec_config add host host_policy_name
        [-source ip_addr[/prefix[/port_number|service_name]]]
        [-destination ip_addr[/prefix[/port_number|service_name]]]
        [-protocol protocol_id] [-priority priority_number]
        [-action PASS|DISCARD|transform_list] [-flags flags]
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add host operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
    add host host_policy_name
        [-source ip_addr[/prefix[/port_number|service_name]]]
        [-destination ip_addr[/prefix[/port_number|service_name]]]
        [-protocol protocol_id] [-priority priority_number]
        [-action PASS|DISCARD|transform_list] [-flags flags]