HP-UX IPSec version A.02.01 Administrator's Guide

Appendix D: HP-UX IPSec Configuration Examples
Subnet ESP with Exceptions
You have a system, Carrot, on a LAN with the network address 192.1.1.*.
You want to limit access to this LAN from outside nodes.
There is one system outside the LAN with IPsec, Potato, that you will
allow to communicate with the nodes in your network, using ESP with
AES encryption and HMAC-SHA1 authentication. All other packets from
external nodes will be discarded.
All nodes within the LAN have HP-UX IPSec installed, except for the
internal routers. You want to use ESP (AES encryption with HMAC-SHA1
authentication) for all IP packets between the nodes on this LAN,
except ICMP packets to and from the routers, which you will allow to
pass in clear text because the routers have no IPsec and cannot
negotiate it.
For everything not specified above, you will use the default values
for the remaining parameters (such as Security Association lifetimes).
Figure D-3 Example 2: Network IPsec Policy with Exceptions
[Figure: the 192.1.1.* LAN containing Carrot and the IPsec nodes
192.1.1.1, 192.1.1.2, 192.1.1.3, 192.1.1.4, ...; an internal router
with no IPsec, whose ICMP traffic passes in clear text; and the
external IPsec node Potato (193.3.3.3), which communicates with the
LAN using IPsec ESP-AES with HMAC-SHA1.]
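The policy set this scenario describes, modelled as an ordered, first-match rule list so that the effect of each rule and of their ordering can be checked against sample packets. This is an added illustration, not HP-UX IPSec configuration syntax and not code from the guide. It assumes first-match evaluation, takes Potato's address 193.3.3.3 from Figure D-3, and uses a constructed router address (192.1.1.254) because the scenario names none.

```python
"""First-match model of the 'Subnet ESP with Exceptions' policy set."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP, TCP, UDP = 1, 6, 17
ANY = ipaddress.ip_network("0.0.0.0/0")

LAN = ipaddress.ip_network("192.1.1.0/24")        # the 192.1.1.* subnet
POTATO = ipaddress.ip_address("193.3.3.3")         # external IPsec peer (Figure D-3)
# Constructed for this example: the scenario does not name a router address.
ROUTERS = [ipaddress.ip_address("192.1.1.254")]


def host(ip: ipaddress.IPv4Address) -> ipaddress.IPv4Network:
    """A /32 selector matching a single host."""
    return ipaddress.ip_network(f"{ip}/32")


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int]   # None matches any IP protocol
    action: str            # "pass" (clear text), "esp-aes-sha1", or "discard"


def router_exceptions(lan, routers) -> List[Rule]:
    """Only ICMP, and only to or from the listed routers, bypasses ESP."""
    rules = []
    for r in routers:
        rules.append(Rule("icmp-from-router", host(r), lan, ICMP, "pass"))
        rules.append(Rule("icmp-to-router", lan, host(r), ICMP, "pass"))
    return rules


def build_policy(lan, routers, peer) -> List[Rule]:
    """Rules in evaluation order: narrow exceptions before the broad rules
    they are carved out of, catch-all discard last."""
    return router_exceptions(lan, routers) + [
        Rule("lan-esp", lan, lan, None, "esp-aes-sha1"),
        Rule("potato-in", host(peer), lan, None, "esp-aes-sha1"),
        Rule("potato-out", lan, host(peer), None, "esp-aes-sha1"),
        # Anything else crossing the LAN boundary is dropped.
        Rule("default-discard", ANY, ANY, None, "discard"),
    ]


def misordered_policy(lan, routers, peer) -> List[Rule]:
    """The same rules with the broad LAN rule ahead of the ICMP exceptions:
    the ordering mistake that silently shadows the exceptions."""
    rules = build_policy(lan, routers, peer)
    lan_esp = next(r for r in rules if r.name == "lan-esp")
    return [lan_esp] + [r for r in rules if r is not lan_esp]


def lookup(rules, src: str, dst: str, proto: int) -> Tuple[str, str]:
    """Return (rule name, action) of the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.proto in (None, proto):
            return r.name, r.action
    raise LookupError(f"no rule for {src} -> {dst} proto {proto}")


POLICY = build_policy(LAN, ROUTERS, POTATO)
MISORDERED = misordered_policy(LAN, ROUTERS, POTATO)

if __name__ == "__main__":
    samples = [("192.1.1.1", "192.1.1.2", TCP),
               ("192.1.1.3", "192.1.1.254", ICMP),
               ("192.1.1.3", "192.1.1.254", UDP),
               ("193.3.3.3", "192.1.1.4", TCP),
               ("10.9.8.7", "192.1.1.1", TCP)]
    for pkt in samples:
        print(pkt, "->", lookup(POLICY, *pkt))
    print("misordered:", lookup(MISORDERED, "192.1.1.3", "192.1.1.254", ICMP))
```

Two points the model makes visible: the clear-text exception is limited to ICMP and to the router addresses, so any other protocol sent to a router (the UDP sample) still falls under the LAN ESP rule and will fail, which is the behaviour the scenario specifies; and if the broad LAN rule is evaluated before the exceptions, router ICMP is matched by the ESP rule instead, and the routers, which have no IPsec, stop answering. Whatever the product's own ordering mechanism, the specific exceptions must take precedence over the subnet-wide rule.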