HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 3: Configuring IKE Policies
Chapter 4 125
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
-remote
ip_addr
[/
prefix
]
The
ip_addr
and
prefix
are the IP address and network prefix length
that specifies the remote system or subnet for this policy. HP
recommends that you do not specify a wildcard address (0.0.0.0/0 or
0::0/0). Wildcard addresses allow unauthorized systems to engage the
local systems in IKE negotiations.
Where:
ip_addr
The
ip_addr
is the remote IP address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The IP address type (IPv4
or IPv6) must be the same for the source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you
can use the double-colon (::) notation within a specified IPv6 address to
denote a number of zeros (0) within an address. The address must be a
unicast address.
Default: None.
prefix
The
prefix
is the prefix length, or the number of leading bits
that must match when comparing the remote IP address with
ip_addr
.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in
both addresses must match. This prefix length is equivalent to an
address mask of 255.255.255.255. Use a value less than 32 to specify a
subnet address filter.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits
in both addresses must match. Use a value less than 128 to specify a
subnet address filter.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are
using manual keys, prefix must be 32 if
ip_addr
is an IPv4 address or
128 if
ip_addr
is an IPv6 address.
Default: 32 if
ip_addr
is a non-zero IPv4 address, 128 if
ip_addr
is a
non-zero IPv6 address, or 0 (match any address) if
ip_addr
is an
all-zeros address (0.0.0.0 or 0::0).