HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Appendix F
Configuration Overview
This section contains general information about two HP-UX IPSec
configuration objects used for HP-UX Mobile IPv6:
• Gateway IPsec policies
• Manual keys
This section also provides an overview of the procedure for configuring
HP-UX IPSec for HP-UX Mobile IPv6.
Understanding Gateway IPsec Policies
Gateway IPsec policies specify forwarding behavior on gateways, or
nodes that forward IP packets. HP-UX IPSec supports gateway IPsec
policies only on HP-UX Mobile IPv6 Home Agents that use the policies to
forward IP packets to and from Mobile IPv6 clients.
You configure two gateway IPsec policies for each end-to-end address
pair. Each gateway IPsec policy specifies the source and destination
addresses for the end-to-end packets, and defines the HP-UX IPSec
behavior for the data segments between the gateway and the destination
endpoint.
Figure F-4 shows the main ipsec_config parameters for configuring
the two gateway IPsec policies on a gateway, G, for forwarding packets
between the end systems A and B. The first gateway IPsec policy, G-A, is
used for the data segments between G and A when G forwards packets
between A and B (the data segments on the left side of the figure that
pass through the tunnel). The G-A policy specifies that G uses the tunnel
tunnelG-A for the data segments between G and A. You configure the
tunnelG-A parameters in a separate tunnel IPsec policy.
The second gateway IPsec policy, G-B, is used for the data segments
between G and B when G forwards packets between A and B (the data
segments on the right side of the figure). The G-B policy specifies that G
forwards the packets in clear text for the data segments between G and
B.
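The two-policy arrangement described above can be modeled as a lookup per data segment. The following is an added example, not code from the HP-UX guide and not ipsec_config syntax: the GatewayPolicy structure, the function names, and the sample addresses are hypothetical, and giving G-A the source B is an assumption drawn from the statement that each policy governs the segment between the gateway and its destination endpoint.

```python
from collections import namedtuple

# Simplified model of a gateway IPsec policy (hypothetical structure).
# source/destination are the END-TO-END addresses; tunnel names the tunnel
# IPsec policy used on the segment between the gateway and `destination`,
# or None when that segment is forwarded in clear text.
GatewayPolicy = namedtuple("GatewayPolicy", "name source destination tunnel")

def segment_policy(policies, endpoint, peer):
    """Return the policy governing the gateway<->endpoint segment for traffic with peer."""
    for p in policies:
        if p.destination == endpoint and p.source == peer:
            return p
    return None

def forwarding_plan(policies, src, dst):
    """Describe how the gateway treats each segment when forwarding src -> dst."""
    plan = {}
    for side, endpoint, peer in (("inbound", src, dst), ("outbound", dst, src)):
        p = segment_policy(policies, endpoint, peer)
        if p is None:
            plan[side] = "NO POLICY"
        else:
            plan[side] = f"{p.name}: " + (f"tunnel {p.tunnel}" if p.tunnel else "clear text")
    return plan

def audit(policies):
    """Flag address pairs lacking the second policy, and list clear-text segments."""
    findings = []
    for p in policies:
        if segment_policy(policies, p.source, p.destination) is None:
            findings.append(f"{p.name}: no matching policy for segment to {p.source}")
        if p.tunnel is None:
            findings.append(f"{p.name}: segment to {p.destination} is clear text")
    return findings

# Constructed sample: documentation-range IPv6 addresses stand in for A and B.
A, B = "2001:db8:a::1", "2001:db8:b::1"
POLICIES = [
    GatewayPolicy("G-A", source=B, destination=A, tunnel="tunnelG-A"),
    GatewayPolicy("G-B", source=A, destination=B, tunnel=None),
]

if __name__ == "__main__":
    print(forwarding_plan(POLICIES, A, B))
    for finding in audit(POLICIES):
        print("audit:", finding)
```

The audit lists the clear-text G-B segment so that it can be confirmed as intended, and it reports an address pair that has only one of its two gateway policies.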