HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 6: Configuring the Bypass List (Local IP Addresses)
Chapter 4 141
Figure 4-1 Bypass List Example
Maximizing Security
An IP address in the bypass list has the same effect as an open IPsec
policy, with the bypass interface address as the local address, a wildcard
(*) remote address, wildcard protocol and ports, and a Pass transform.
If you configure entries in the bypass list, intruders may be able to access
services or ports bound to addresses in the bypass list from other
interfaces on the system, even if the other interface IP addresses are
secured by IPsec policies. Intruders may access services or ports bound to
addresses in the bypass list even if the intruders are not directly
connected to interfaces in the bypass list.
HP recommends that you do not use the bypass list on systems where
you are using HP-UX IPSec as a filter or firewall to protect your
network.
See “Maximizing Security” on page 91 for more information.
ipsec_config add bypass Syntax
You can use the following ipsec_config add bypass syntax to
configure preshared keys in most installations:
ipsec_config add bypass
ip_address
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec.To specify an add bypass operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
add bypass
ip_address
15.2.2.2 (lan0:0)
15.1.1.1 (lan0:0)
16.1.1.1 (lan0:1)
16.2.2.2 (lan0:1)
bypass
secure
Node1
Node2