HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 1: (Required) Securing Binding Messages Between the Home Agent and Mobile Node
Appendix F
RFC 3776 specifies that you must use IPsec to secure binding messages
between the Home Agent and Mobile Node.
To secure binding messages, configure a host IPsec policy on the Home
Agent to secure Mobile IPv6 Mobility Header (MH) packets between the
Home Agent and the Mobile Node.
Specify the Mobile Node’s home address as the destination address. If
you are using manual keys, you must configure one host policy for each
Mobile Node. If you are using IKE, you can configure one host policy for
multiple Mobile Nodes by specifying the appropriate home address and
prefix for the destination address.
Syntax
You can use the following ipsec_config add host syntax to secure
binding messages on the Home Agent in most topologies. To specify an
add host operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name (add host host_policy_name ...).
Refer to the ipsec_config (1M) manpage for complete syntax information.
    ipsec_config add host host_policy_name
        -source home_agent_addr
        -destination mn_home_addr[/prefix]
        -protocol MH [-priority priority_number]
        -action transform_name
        -flags MIPV6
        [-in manual_key_sa_specification
        -out manual_key_sa_specification]
host_policy_name
The host_policy_name is the user-defined name for the host IPsec
policy. The host_policy_name must be unique for each host IPsec policy
and is case-sensitive. The name must be 1 - 63 characters. Each
character must be an ASCII alphanumeric character, hyphen (-), or
underscore (_).
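The shell functions below are an added example, not part of the HP guide. They check a policy name against the rules above and emit batch-file add host entries (the form without the ipsec_config command name) for the IKE case, with no -priority or manual key arguments. The function names, the 2001:db8:: documentation addresses and the TRANSFORM_NAME placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the HP guide). TRANSFORM_NAME and the 2001:db8::
# addresses below are constructed placeholders, not real configuration values.
LC_ALL=C; export LC_ALL   # make [A-Za-z] match ASCII letters only

# Succeeds only if $1 is 1-63 characters of [A-Za-z0-9_-].
valid_policy_name() {
    _n=$1
    [ "${#_n}" -ge 1 ] && [ "${#_n}" -le 63 ] || return 1
    case $_n in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print one batch-file entry.
# Arguments: policy name, home agent addr, MN home addr[/prefix], transform.
mh_policy_line() {
    valid_policy_name "$1" || { echo "invalid policy name: $1" >&2; return 1; }
    printf 'add host %s -source %s -destination %s -protocol MH -action %s -flags MIPV6\n' \
        "$1" "$2" "$3" "$4"
}

# Read "policy_name mn_home_addr[/prefix]" pairs from stdin and print one entry
# per pair. Names are compared case-sensitively; a repeated name is an error.
build_mh_batch() {
    ha=$1 transform=$2 seen=' '
    while read -r name dest; do
        [ -n "$name" ] || continue
        [ -n "$dest" ] || { echo "no destination for: $name" >&2; return 1; }
        case $seen in
            *" $name "*) echo "duplicate policy name: $name" >&2; return 1 ;;
        esac
        seen="$seen$name "
        mh_policy_line "$name" "$ha" "$dest" "$transform" || return 1
    done
}

# One IKE policy covering every Mobile Node whose home address is in the /64.
build_mh_batch 2001:db8:1::1 TRANSFORM_NAME <<'EOF'
mn-home-net 2001:db8:1::/64
EOF
```

Redirect the output of build_mh_batch to a file to obtain batch-file entries; replace TRANSFORM_NAME with a transform from the ipsec_config (1M) manpage before using them.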