HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPsec Policies
service_name
The service_name is a character string that specifies a network
service. The ipsec_config utility will add a policy to the
configuration database with the appropriate port number and protocol,
as listed below. You cannot specify service_name and protocol in the
same policy.
See Table 4-1, “ipsec_config Service Names,” on page 106 for a list of
valid service names.
-protocol protocol_id
The protocol is the value or name of the upper-layer protocol that
HP-UX IPSec uses in the address filter to select an IPsec policy for a
packet. You cannot specify protocol and service_name in the same
policy.
Specifying ICMPV6 affects only the following ICMPv6 messages: Echo
Request, Echo Reply, Mobile Prefix Solicitation, Mobile Prefix
Advertisement.
To ensure proper operation of IPv6 networks, HP-UX IPSec always
allows all ICMPv6 messages not listed above to pass in clear text.
Acceptable Values: Integer value 0 (any protocol) - 255, or one of the
following protocol names:
TCP
UDP
ICMP
ICMPV6
IGMP
MH (Mobile IPv6 Mobility Headers)
ALL (any protocol)
The protocols ICMP and IGMP are valid with IPv4 addresses only. The
protocols ICMPV6 and MH are valid with IPv6 addresses only.
NOTE The protocol value must be ALL or 0 if the corresponding host policy (the
host policy that references this tunnel policy) uses a transform (the host
policy action is not PASS).
Default: ALL.
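
The rules above for the protocol selector can be checked before a policy is entered. The following is an added example, not part of the HP guide or of HP-UX IPSec; the function name and the addr_family and host_action parameters are assumptions made for illustration, and "TRANSFORM" is a constructed stand-in for any host policy action other than PASS.

```python
# Added example: checks one tunnel policy's protocol selector against the
# rules above. addr_family and host_action are assumed parameter names for
# this sketch; they are not ipsec_config arguments.
ANY_FAMILY = {"TCP", "UDP", "ALL"}
V4_ONLY = {"ICMP", "IGMP"}
V6_ONLY = {"ICMPV6", "MH"}


def check_tunnel_protocol(protocol=None, service_name=None,
                          addr_family="ipv4", host_action="PASS"):
    """Return a list of findings; an empty list means the selector is acceptable."""
    if protocol is not None and service_name is not None:
        return ["error: service_name and protocol cannot be in the same policy"]
    if service_name is not None:
        return []  # valid names are in Table 4-1, which is not reproduced here
    value = "ALL" if protocol is None else str(protocol).strip().upper()
    findings = []
    if value.isdecimal():
        # Numeric values are range-checked only.
        if int(value) > 255:
            return [f"error: protocol {value} is outside 0-255"]
        matches_any = int(value) == 0
    elif value in ANY_FAMILY | V4_ONLY | V6_ONLY:
        matches_any = value == "ALL"
        if value in V4_ONLY and addr_family != "ipv4":
            findings.append(f"error: {value} is valid with IPv4 addresses only")
        if value in V6_ONLY and addr_family != "ipv6":
            findings.append(f"error: {value} is valid with IPv6 addresses only")
    else:
        return [f"error: {value!r} is not 0-255 or a listed protocol name"]
    # NOTE rule: a host policy whose action is not PASS uses a transform.
    if host_action.upper() != "PASS" and not matches_any:
        findings.append("error: protocol must be ALL or 0 when the host "
                        "policy uses a transform")
    if value == "ICMPV6":
        findings.append("warning: only Echo Request/Reply and Mobile Prefix "
                        "Solicitation/Advertisement are selected; all other "
                        "ICMPv6 messages pass in clear text")
    return findings


if __name__ == "__main__":
    # Constructed sample selectors; "TRANSFORM" stands for any non-PASS action.
    for args in [dict(protocol="TCP", host_action="TRANSFORM"),
                 dict(protocol="ICMPV6", addr_family="ipv6"),
                 dict(protocol="IGMP", addr_family="ipv6"),
                 dict(protocol=0, host_action="TRANSFORM")]:
        print(args, "->", check_tunnel_protocol(**args) or "ok")
```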