HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Configuration Examples
Host to Host telnet
Appendix D
Apple Configuration
Host IPsec Policies
On Apple, you configure two host IPsec policies. The first host IPsec
policy (telnetAB) is for outbound telnet requests from Apple to
Banana (users on Apple using the telnet service to Banana). Note that
since the telnet clients on Apple may use any non-reserved TCP port
number, you do not specify a port number in the source address.
Figure D-1 Example 1: telnet AB
The second host IPsec policy (telnetBA) is for inbound telnet requests
from Banana to Apple (users on Banana using the telnet service to
Apple). Since the telnet clients on Banana may use any non-reserved
TCP port number, do not specify a port number in the destination
address.
Figure D-2 Example 1: telnet BA
The default host IPsec policy installed with HP-UX IPSec allows all
other traffic to pass in clear text. Apple and Banana are on an isolated
LAN, so this “open” policy is not a security risk. The ipsec_config batch
file entries are listed below:
[Figure D-1 labels: telnet client on apple (port varies); telnetd on banana (always port 23); command “telnet banana”]
[Figure D-2 labels: telnet client on banana (port varies); telnetd on apple (port 23); command “telnet apple”]
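The port reasoning behind telnetAB and telnetBA, as an added Python model that is not part of the guide and is not ipsec_config syntax. The addresses, the `HostPolicy` and `select` names, the "ipsec"/"pass" action labels, and the rule that one policy covers both directions of a connection are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation range), not taken from the guide.
APPLE, BANANA = "192.0.2.1", "192.0.2.2"
TELNET = 23

@dataclass(frozen=True)
class HostPolicy:
    name: str
    local_addr: Optional[str]   # "source" side of the policy; None = any
    local_port: Optional[int]   # None = port not specified, so any port matches
    remote_addr: Optional[str]  # "destination" side of the policy
    remote_port: Optional[int]
    action: str                 # "ipsec" = protect, "pass" = clear text

    def matches(self, local, lport, remote, rport):
        want = (self.local_addr, self.local_port, self.remote_addr, self.remote_port)
        return all(w is None or w == g for w, g in zip(want, (local, lport, remote, rport)))

# Apple's policies as the text describes them: Apple is the source, Banana the destination.
APPLE_POLICIES = [
    HostPolicy("telnetAB", APPLE, None, BANANA, TELNET, "ipsec"),  # client port varies
    HostPolicy("telnetBA", APPLE, TELNET, BANANA, None, "ipsec"),  # Banana's client port varies
    HostPolicy("default", None, None, None, None, "pass"),         # everything else in clear
]

# Misconfiguration for comparison: telnetAB pinned to a single client port.
PINNED = [HostPolicy("telnetAB", APPLE, 1025, BANANA, TELNET, "ipsec")] + APPLE_POLICIES[1:]

def select(policies, src, sport, dst, dport, me=APPLE):
    """Return the first policy matching a TCP packet seen on host `me`."""
    # Normalise to (local, remote) so replies hit the same policy as requests.
    if src == me:
        key = (src, sport, dst, dport)
    else:
        key = (dst, dport, src, sport)
    return next(p for p in policies if p.matches(*key))

if __name__ == "__main__":
    packets = [  # constructed (src, sport, dst, dport) samples
        (APPLE, 51234, BANANA, 23), (BANANA, 23, APPLE, 51234),
        (BANANA, 40000, APPLE, 23), (APPLE, 51234, BANANA, 80),
    ]
    for pkt in packets:
        good, bad = select(APPLE_POLICIES, *pkt), select(PINNED, *pkt)
        print(pkt, "->", good.name, good.action, "| pinned port:", bad.name, bad.action)
```

With the pinned client port, a telnet session from any other ephemeral port falls through to the default policy and leaves Apple in clear text, which is why the guide leaves that port unspecified.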