HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Chapter 4
Table 4-3 ipsec_config add host Flags (Continued)

Flag        Description

EXCLUSIVE   Specifies session-based keying. Session-based keying uses a
            different pair of IPsec SAs per connection or session. Only
            packets with the same source IP address, destination IP
            address, network protocol, source port, and destination port
            will use the same IPsec SA. Session-based keying incurs more
            overhead but provides more security and privacy. If you do
            not specify session-based keying, all packets using the same
            IPsec policy to the same remote node will share the same
            IPsec SA pair and cryptography keys.

            You cannot specify the EXCLUSIVE flag if you are using manual
            keys, or the action is PASS or DISCARD.

MIPV6       Specifies that this IPsec policy is used for Mobile IPv6
            packets. HP-UX IPSec checks the Mobile IPv6 binding cache for
            routing information. (This flag does not specify or affect
            any protocol specification for the source or destination
            address filter used when selecting the IPsec policy for a
            packet.)

            You cannot specify the MIPV6 flag with IPv4 addresses in the
            source and destination arguments.

            See Chapter F, “HP-UX IPSec and HP-UX Mobile IPv6,” on
            page 277 for more information on configuring HP-UX IPSec with
            Mobile IPv6.

NONE        No flags.

Default: The value of the flags parameter in the HostPolicy-Defaults
section of the profile file used. The default flags value is NONE.

Host IPsec Policy Configuration Examples

The following batch file entry configures a host IPsec policy that requires
all traffic between 10.1.1.1 (the local system) and 10.5.5.5 to use ESP
with AES128 encryption and HMAC SHA-1 authentication:
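
The effect of the EXCLUSIVE flag in Table 4-3, and the restrictions on EXCLUSIVE and MIPV6, can be seen in a small model. This Python sketch is an added example: it is not HP-UX IPSec code and not the batch file entry the guide refers to. The functions sa_key, sa_pairs and check_flags, the policy name policy1, the action value ESP and the sample flows are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# The five selectors the EXCLUSIVE row lists (model only, not HP-UX code).
Flow = namedtuple("Flow", "src dst proto sport dport")

# Constructed traffic from 10.1.1.1 to 10.5.5.5: two packets of one
# connection, a second connection to the same port, and a third to port 80.
FLOWS = [
    Flow("10.1.1.1", "10.5.5.5", "tcp", 40001, 23),
    Flow("10.1.1.1", "10.5.5.5", "tcp", 40001, 23),
    Flow("10.1.1.1", "10.5.5.5", "tcp", 40002, 23),
    Flow("10.1.1.1", "10.5.5.5", "tcp", 40003, 80),
]

def sa_key(policy, flow, exclusive):
    """Key deciding which IPsec SA pair (and keys) a packet shares."""
    if exclusive:
        # Session-based keying: one SA pair per 5-tuple.
        return (policy, flow.src, flow.dst, flow.proto, flow.sport, flow.dport)
    # Default: one SA pair per policy and remote node.
    return (policy, flow.dst)

def sa_pairs(policy, flows, exclusive):
    """Group flows by the SA pair they would use."""
    groups = {}
    for flow in flows:
        groups.setdefault(sa_key(policy, flow, exclusive), []).append(flow)
    return groups

def check_flags(flags, action, manual_keys, src, dst):
    """Return the Table 4-3 restrictions a proposed policy violates.

    Assumes src and dst are plain addresses (no prefix or wildcard).
    """
    errors = []
    if "EXCLUSIVE" in flags and (manual_keys or action in ("PASS", "DISCARD")):
        errors.append("EXCLUSIVE: not valid with manual keys, PASS or DISCARD")
    if "MIPV6" in flags and any(
            ipaddress.ip_address(a).version == 4 for a in (src, dst)):
        errors.append("MIPV6: not valid with IPv4 addresses")
    return errors

if __name__ == "__main__":
    for exclusive in (False, True):
        print(exclusive, len(sa_pairs("policy1", FLOWS, exclusive)), "SA pair(s)")
    print(check_flags({"EXCLUSIVE", "MIPV6"}, "DISCARD", False,
                      "10.1.1.1", "10.5.5.5"))
```

In this model the four sample packets share one SA pair without EXCLUSIVE and use three with it, which is the overhead-versus-isolation trade the table describes.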