HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and HP-UX IPFilter
Using HP-UX IPSec with HP-UX IPFilter
Appendix E
Example
On hostA, the local IP address is 10.10.10.10, and you want to allow IKE and
IPsec ESP packets to and from hostB (IP address 15.15.15.15). On hostA, the
IPFilter configuration contains the following entries:
# Allow IKE packets to and from hostB
pass in quick proto udp from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
pass out quick proto udp from 10.10.10.10 port = 500 to 15.15.15.15 port = 500
# Allow IPsec ESP traffic to and from hostB
pass in quick proto 50 from 15.15.15.15 to 10.10.10.10
pass out quick proto 50 from 10.10.10.10 to 15.15.15.15
NOTE You must configure IPFilter to pass traffic both in and out on UDP port
500 (IKE) as well as IP protocol 50 (ESP) for HP-UX IPSec to work properly.
You can add rules to restrict or allow other traffic. For example, you could
add the following entries after the rules above so that hostA accepts only
IKE and ESP packets to and from hostB and HTTP (TCP port 80) requests. By
default IPFilter lets the last matching rule decide; the pass rules use quick
so that a packet matching one of them is passed immediately and never reaches
the final block rules. Because the HTTP rule uses keep state, the replies to
an accepted HTTP request are passed out even though no pass out rule covers
them:
# Allow HTTP requests
pass in quick proto tcp from any to 10.10.10.10 port = 80 keep state
# Block all other traffic to/from anywhere
block in from any to any
block out from any to any
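The following is an added example (not part of HP's guide or the IPFilter distribution) that models the subset of the ipf rule grammar used on this page and runs the complete hostA ruleset against constructed packets. It shows why the pass rules must carry quick: with quick removed, the trailing block rules become the last match for every packet and IKE and ESP to hostB are blocked too. The 203.0.113.x addresses and the ports other than 500 and 80 are constructed sample values.

```python
"""Minimal model of HP-UX IPFilter rule evaluation (added example).

Supports only: pass|block, in|out, optional quick, optional proto,
from ADDR [port = N], to ADDR [port = N], optional keep state.
Real ipf has many more options; this is enough to check the hostA ruleset.
"""
import re

PROTO_NUM = {"udp": 17, "tcp": 6, "icmp": 1, "esp": 50}

RULE_RE = re.compile(
    r"^(pass|block)\s+(in|out)(?:\s+(quick))?"
    r"(?:\s+proto\s+(\S+))?"
    r"\s+from\s+(\S+)(?:\s+port\s*=\s*(\d+))?"
    r"\s+to\s+(\S+)(?:\s+port\s*=\s*(\d+))?"
    r"(?:\s+(keep\s+state))?\s*$"
)


def parse_rules(text):
    """Parse ipf-style rule lines; '#' comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        action, direction, quick, proto, src, sport, dst, dport, state = m.groups()
        if proto is not None:
            proto = int(proto) if proto.isdigit() else PROTO_NUM[proto.lower()]
        rules.append({
            "action": action, "dir": direction, "quick": quick is not None,
            "proto": proto,
            "src": src, "sport": None if sport is None else int(sport),
            "dst": dst, "dport": None if dport is None else int(dport),
            "keep_state": state is not None,
        })
    return rules


def _rule_matches(rule, pkt):
    direction, proto, src, sport, dst, dport = pkt
    return (rule["dir"] == direction
            and (rule["proto"] is None or rule["proto"] == proto)
            and rule["src"] in ("any", src)
            and (rule["sport"] is None or rule["sport"] == sport)
            and rule["dst"] in ("any", dst)
            and (rule["dport"] is None or rule["dport"] == dport))


class Filter:
    """ipf semantics: the state table is consulted first; otherwise the LAST
    matching rule decides unless a matching rule carries quick, which stops
    the search at that rule. No matching rule means pass (ipf default)."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # 5-tuples of flows allowed in both directions

    def evaluate(self, pkt):
        direction, proto, src, sport, dst, dport = pkt
        if ((proto, src, sport, dst, dport) in self.state
                or (proto, dst, dport, src, sport) in self.state):
            return "pass"  # reply to a stateful flow bypasses the rules
        verdict, stateful = "pass", False
        for rule in self.rules:
            if not _rule_matches(rule, pkt):
                continue
            verdict, stateful = rule["action"], rule["keep_state"]
            if rule["quick"]:
                break
        if verdict == "pass" and stateful:
            self.state.add((proto, src, sport, dst, dport))
        return verdict


# The complete hostA ruleset from this page, as one text.
HOSTA_RULESET = """
# Allow IKE packets to and from hostB
pass in quick proto udp from 15.15.15.15 port = 500 to 10.10.10.10 port = 500
pass out quick proto udp from 10.10.10.10 port = 500 to 15.15.15.15 port = 500
# Allow IPsec ESP traffic to and from hostB
pass in quick proto 50 from 15.15.15.15 to 10.10.10.10
pass out quick proto 50 from 10.10.10.10 to 15.15.15.15
# Allow HTTP requests
pass in quick proto tcp from any to 10.10.10.10 port = 80 keep state
# Block all other traffic to/from anywhere
block in from any to any
block out from any to any
"""


def check_hosta(ruleset=HOSTA_RULESET):
    """Run constructed packets (dir, proto, src, sport, dst, dport) through
    the ruleset in order; returns {label: verdict}."""
    f = Filter(parse_rules(ruleset))
    cases = {
        "ike_in":     ("in",  17, "15.15.15.15", 500,   "10.10.10.10", 500),
        "ike_out":    ("out", 17, "10.10.10.10", 500,   "15.15.15.15", 500),
        "esp_in":     ("in",  50, "15.15.15.15", None,  "10.10.10.10", None),
        "esp_out":    ("out", 50, "10.10.10.10", None,  "15.15.15.15", None),
        "http_in":    ("in",  6,  "203.0.113.5", 40000, "10.10.10.10", 80),
        "http_reply": ("out", 6,  "10.10.10.10", 80,    "203.0.113.5", 40000),
        "ssh_in":     ("in",  6,  "203.0.113.5", 40001, "10.10.10.10", 22),
        "esp_other":  ("in",  50, "203.0.113.7", None,  "10.10.10.10", None),
        "unsolicited_out": ("out", 6, "10.10.10.10", 80, "203.0.113.9", 5555),
    }
    return {label: f.evaluate(pkt) for label, pkt in cases.items()}


def check_without_quick():
    """Same ruleset with every 'quick' removed: the final block rules are now
    the last match for every packet, so everything, IKE and ESP included, is
    blocked."""
    return check_hosta(HOSTA_RULESET.replace(" quick", ""))


if __name__ == "__main__":
    for label, verdict in check_hosta().items():
        print(f"{label:16s} {verdict}")
```

The http_reply case passes only because the preceding http_in case created a state entry; run the reply first (or drop keep state) and it falls through to block out from any to any. Running the real ruleset through ipf's own checker (for example `ipftest` where it is installed) is still the authoritative test; this model exists only to make the quick and keep state semantics visible.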