HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Configuration Overview
Appendix F288
Nested Transforms
If you are using an ESP transform nested in an AH transform with
manual keys, you must specify two -in statements and two -out
statements:
-in
manual_key_sa_specification
-in
manual_key_sa_specification
-out
manual_key_sa_specification
-out
manual_key_sa_specification
The first -in and -out statements specify the parameters for the AH
transform. The second -in and -out statements specify the parameters
for the ESP transform.
Troubleshooting Manual Key Problems
Troubleshooting manual key problems can be difficult because there are
no IKE negotiations and no IKE audit messages. See Chapter 7, “Manual
Keys Fail” on page 221 for information on troubleshooting manual keys.
Configuration Procedure
Use the following procedure to configure HP-UX IPSec on a Mobile IPv6
Home Agent.
Step 1. (Required) Configure a host IPsec policy to secure binding messages
(Binding Update and Binding Acknowledgement) messages between the
Home Agent and the Mobile Node.
See “Step 1: (Required) Securing Binding Messages Between the Home
Agent and Mobile Node” on page 290 for a description of this step.
Step 2. (Recommended) Configure two gateway IPsec policies and a tunnel
policy to secure Return Routability messages between the Home Agent
and the Mobile Node.
See “Step 2: (Recommended) Securing Return Routability Messages
Routed Through the Home Agent” on page 292 for a description of this
step.
Step 3. (Recommended) Configure a host IPsec policy to secure Prefix Discovery
messages between the Home Agent and the Mobile Node.