HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Chapter 4, page 104
The complete ipsec_config add host syntax specification also allows
you to specify the following arguments:
• nocommit (verify the syntax but do not commit the information to the
database)
• profile (alternate profile file)
• in and out (inbound and outbound SA information for manual keys)
Refer to the ipsec_config_add (1M) manpage for complete syntax
information.
host_policy_name
The host_policy_name is the user-defined name for the host IPsec
policy. This name must be unique for each host IPsec policy and is
case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
The name default is reserved. See “default Host IPsec Policy” on
page 102 for more information.
-source and -destination
ip_addr[/prefix[/port_number|service_name]]
HP-UX IPSec uses the ip_addr, prefix, and port_number or service_name
with the protocol argument to form an address filter.
HP-UX IPSec uses the address filter to select an IPsec policy for a
packet. Specify a local IP address for the source ip_addr. For an
outbound packet, HP-UX IPSec compares the source address filter with
the source address fields in the packet, and the destination address filter
with the destination address fields in the packet. For an inbound packet,
HP-UX IPSec compares the source address filter with the destination
address fields in the packet, and the destination address filter with the
source address fields in the packet.
Default: If you do not specify ip_addr, prefix, and port_number or
service_name, ipsec_config uses the value of the source or
destination parameter in the HostPolicy-Defaults section of the profile
file used. The default value for source and destination is 0.0.0.0/0/0
(match any IPv4 address, any port).
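The following Python model is an added example, not code from this guide or from HP-UX IPSec. It shows how one source/destination filter pair covers both directions of a flow, and checks a host_policy_name against the rules above. Assumptions: ports are numeric only (no service_name lookup), the protocol argument is ignored, an omitted prefix means a single-host match, and an omitted port means 0 (any port); all function names and sample addresses are constructed.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")

def valid_policy_name(name):
    """1-63 ASCII alphanumerics, '-' or '_'; the name 'default' is reserved."""
    return bool(NAME_RE.fullmatch(name)) and name != "default"

def parse_filter(spec):
    """Parse ip_addr[/prefix[/port_number]] into (network, port)."""
    parts = spec.split("/")
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"bad address filter: {spec!r}")
    addr = ipaddress.ip_address(parts[0])
    # Assumption: an omitted prefix means a full-length (single host) match.
    prefix = int(parts[1]) if len(parts) > 1 else addr.max_prefixlen
    # Assumption: an omitted port means 0, which matches any port.
    port = int(parts[2]) if len(parts) > 2 else 0
    if not 0 <= port <= 65535:
        raise ValueError(f"bad port in filter: {spec!r}")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), port

def side_matches(flt, addr, port):
    """True if one packet address/port pair falls inside one filter."""
    net, filter_port = flt
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net and filter_port in (0, port)

def policy_matches(source, destination, packet, direction):
    """packet is (src_addr, src_port, dst_addr, dst_port); direction 'in'/'out'."""
    src_addr, src_port, dst_addr, dst_port = packet
    src_f, dst_f = parse_filter(source), parse_filter(destination)
    if direction == "out":
        # Outbound: source filter vs source fields, destination vs destination.
        return (side_matches(src_f, src_addr, src_port)
                and side_matches(dst_f, dst_addr, dst_port))
    if direction == "in":
        # Inbound: the filters are compared against the opposite packet fields.
        return (side_matches(src_f, dst_addr, dst_port)
                and side_matches(dst_f, src_addr, src_port))
    raise ValueError(f"direction must be 'in' or 'out': {direction!r}")

# Constructed sample: local host 10.1.1.1 reaching telnet (23) in 10.2.0.0/16.
SRC, DST = "10.1.1.1/32/0", "10.2.0.0/16/23"
REQUEST = ("10.1.1.1", 40000, "10.2.3.4", 23)   # leaves the local host
REPLY = ("10.2.3.4", 23, "10.1.1.1", 40000)     # arrives at the local host
```

Evaluating REPLY as an outbound packet fails to match, which is why the source filter must hold the local address: a policy written with the two filters reversed would match neither direction of this flow.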
ip_addr
The ip_addr is the source or destination IP address.