HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPsec Policies
Chapter 4116
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add tunnel operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
    add tunnel tunnel_policy_name
        [-tsource tunnel_address] [-tdestination tunnel_address]
        [-source ip_addr[/prefix][/port_number|service_name]]]
        [-destination ip_addr[/prefix][/port_number|service_name]]]
        [-protocol protocol_id] [-action transform_list]
The complete ipsec_config add tunnel syntax specification also
allows you to specify the following arguments:
• nocommit (verify the syntax but do not commit the information to the
database)
• profile (alternate profile file)
• in and out (inbound and outbound SA information for manual keys)
Refer to the ipsec_config_add (1M) manpage for complete syntax
information.
tunnel_policy_name
The tunnel_policy_name is the user-defined name for the tunnel IPsec
policy. This name must be unique for each tunnel IPsec policy and is
case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
-tsource and -tdestination tunnel_address
The tunnel_address is the IP address for the tunnel endpoint. The
-tsource tunnel_address is the local tunnel endpoint; the
-tdestination tunnel_address is the remote tunnel endpoint.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The IP address type (IPv4
or IPv6) must be the same for the tunnel source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you
can use the double-colon (::) notation within a specified IPv6 address to
denote a number of zeros (0) within an address. The address must be a
unicast address.
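The following pre-flight check is an added example, not part of the HP guide or of HP-UX IPSec: it applies the acceptable-value rules stated above for tunnel_policy_name, -tsource and -tdestination before the values go into a batch file. The function names and sample values are constructed for illustration. Two things are assumptions: "unicast" is approximated as not multicast and not the IPv4 limited broadcast address, and the unspecified address is rejected for IPv4 as well as IPv6.

```python
import ipaddress
import re

# Guide rule: 1-63 ASCII alphanumerics, hyphen or underscore. A regex is used
# because str.isalnum() would also accept non-ASCII letters and digits.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")
V4_BROADCAST = ipaddress.ip_address("255.255.255.255")

def check_tunnel_policy(name, tsource, tdestination):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: must be 1-63 chars of A-Z, a-z, 0-9, '-' or '_'")
    parsed = {}
    for label, text in (("tsource", tsource), ("tdestination", tdestination)):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{label}: not an IPv4 or IPv6 address: {text!r}")
            continue
        parsed[label] = addr
        if addr.is_unspecified:  # assumption: rejected for IPv4 (0.0.0.0) too
            problems.append(f"{label}: unspecified address is not allowed")
        elif addr.is_multicast or addr == V4_BROADCAST:  # assumed unicast test
            problems.append(f"{label}: must be a unicast address")
    # The tunnel source and destination must be the same address type.
    if len(parsed) == 2 and parsed["tsource"].version != parsed["tdestination"].version:
        problems.append("tsource/tdestination: address types differ (IPv4 vs IPv6)")
    return problems

def duplicate_names(names):
    """Names are case-sensitive, so 'Tun1' and 'tun1' do not collide."""
    seen, dupes = set(), []
    for n in names:
        if n in seen and n not in dupes:
            dupes.append(n)
        seen.add(n)
    return dupes

if __name__ == "__main__":
    # Constructed sample values using documentation address ranges.
    samples = [("branch_tunnel-1", "192.0.2.1", "198.51.100.7"),
               ("v6_tunnel", "2001:db8::1", "2001:db8:0:1::2"),
               ("mixed", "192.0.2.1", "2001:db8::1"),
               ("bad name", "::", "ff02::1")]
    for s in samples:
        print(s, "->", check_tunnel_policy(*s) or "OK")
    print("duplicates:", duplicate_names([s[0] for s in samples]))
```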