HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Chapter 4
If this is the first host IPsec policy created, ipsec_config uses the
automatic priority increment value as the priority.
-tunnel tunnel_policy_name
If packets using this host IPsec policy will be tunneled and the local
system is one of the tunnel endpoints, use the tunnel argument to
specify the tunnel_policy_name, the name of the tunnel IPsec policy to
use with this host IPsec policy.
-action
The action argument specifies the action HP-UX IPSec will perform on
packets using this policy. The action must be PASS (pass in clear text) if
this is an end system in an end-to-end tunnel (host-to-host tunnel)
topology.
Default: The action defined for the action parameter in the
HostPolicy-Defaults section of the profile file used. The default
definition for action is DISCARD.
PASS
Allow packets using this host IPsec policy to pass in clear text with
no alteration. The default host IPsec policy shipped with the product
specifies -action PASS.
DISCARD
Discard packets using this host IPsec policy.
transform_list
A transform specifies the IPsec authentication and
encryption applied to packets using AH (Authentication Header) and
ESP (Encapsulation Security Payload) headers. A transform list specifies
the transforms acceptable for packets using the policy. The HP-UX IPSec
IKE daemon proposes the transform list when negotiating the transform
for IPsec Security Associations (SAs) with a remote system.
The transforms in a host policy's transform list are transport transforms
and apply to the host-to-host SA (end-to-end or transport SA) between
the source and destination addresses.
If you are using dynamic keys, the transform list can contain:
A list that contains up to 2 AH transforms
A list that contains up to 8 ESP transforms
A list that contains one nested AH and ESP transform (ESP nested inside of AH)
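The following is an added example, not code from HP-UX IPSec or its documentation. It is a pre-flight checker for the -action, -tunnel and transform_list rules described in this section: the profile default of DISCARD when no action is given, the requirement that an end system in a host-to-host tunnel use -action PASS together with a -tunnel policy name, and the dynamic-key limits of 2 AH transforms, 8 ESP transforms and one nested AH/ESP transform. The transform token notation ("AH_<auth>", "ESP_<enc>_<auth>", and "AH_<auth>+ESP_<enc>_<auth>" for the nested form) is an assumption made for this example and is not the ipsec_config syntax.

```python
# Added example (not HP-UX IPSec product code): a pre-flight checker for the
# host-policy arguments described above. The transform token notation is an
# assumption made for this example: "AH_<auth>" for an AH transform,
# "ESP_<enc>_<auth>" for an ESP transform, and "AH_<auth>+ESP_<enc>_<auth>"
# for the one permitted nested transform (ESP nested inside of AH).

MAX_AH_TRANSFORMS = 2      # up to 2 AH transforms
MAX_ESP_TRANSFORMS = 8     # up to 8 ESP transforms
MAX_NESTED_TRANSFORMS = 1  # one nested AH and ESP transform
PROFILE_DEFAULT_ACTION = "DISCARD"  # default for action in HostPolicy-Defaults


def classify_transform(token):
    """Return "AH", "ESP" or "NESTED" for one transform token (assumed notation)."""
    parts = token.split("+")
    if len(parts) == 2 and parts[0].startswith("AH_") and parts[1].startswith("ESP_"):
        return "NESTED"  # ESP nested inside of AH
    if len(parts) == 1 and token.startswith("AH_"):
        return "AH"
    if len(parts) == 1 and token.startswith("ESP_"):
        return "ESP"
    raise ValueError("unrecognised transform token: %s" % token)


def check_transform_list(transforms):
    """Return the list of limit violations for a dynamic-key transform list."""
    counts = {"AH": 0, "ESP": 0, "NESTED": 0}
    for token in transforms:
        counts[classify_transform(token)] += 1
    limits = (("AH", MAX_AH_TRANSFORMS), ("ESP", MAX_ESP_TRANSFORMS),
              ("NESTED", MAX_NESTED_TRANSFORMS))
    return ["%d %s transforms listed, at most %d allowed" % (counts[kind], kind, limit)
            for kind, limit in limits if counts[kind] > limit]


def check_host_policy(action=None, tunnel=None, end_system_in_host_to_host_tunnel=False):
    """Return a list of problems; an empty list means the arguments are consistent.

    action: None (the profile default applies), "PASS", "DISCARD", or a list of
            transform tokens (the transform_list form of -action).
    tunnel: the tunnel_policy_name given with -tunnel, or None.
    end_system_in_host_to_host_tunnel: True when the local system is an end
            system in an end-to-end (host-to-host) tunnel topology.
    """
    problems = []
    if action is None:
        action = PROFILE_DEFAULT_ACTION

    if end_system_in_host_to_host_tunnel:
        # The end systems are the tunnel endpoints, so -tunnel names the tunnel
        # policy and the host policy itself must pass packets in clear text.
        if tunnel is None:
            problems.append("tunnel endpoint: -tunnel tunnel_policy_name is required")
        if action != "PASS":
            problems.append("end system in a host-to-host tunnel: action must be PASS")

    if isinstance(action, str):
        if action not in ("PASS", "DISCARD"):
            problems.append("unknown action: %s" % action)
    else:
        problems.extend(check_transform_list(action))
    return problems


if __name__ == "__main__":
    # Constructed sample policies: one acceptable, one over the AH limit.
    print(check_host_policy(action="PASS", tunnel="tun1",
                            end_system_in_host_to_host_tunnel=True))
    print(check_host_policy(action=["AH_SHA1", "AH_MD5", "AH_SHA256"]))
```

Running the checks before calling ipsec_config catches the two mistakes this section warns about, a non-PASS action on a tunnel end system and a transform list that exceeds the per-kind limits, without having to read them back out of the daemon's error output.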