HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 2: (Recommended) Securing Return Routability Messages Routed Through the Home Agent
Appendix F
specifications are relative to the packets forwarded by the Home Agent:
the source is the Mobile Node’s home address and the destination is the
Correspondent Node address, or an IPv6 wildcard address (0::0).
If you are using manual keys, you must configure one policy for each
Mobile Node. If you are using IKE, you can configure one policy for
multiple Mobile Nodes by specifying the appropriate home address and
prefix for the source address.
Syntax
You can use the following ipsec_config add gateway syntax for the
data path segments between the Home Agent and Correspondent Nodes
in most topologies. To specify an add gateway operation for an
ipsec_config batch file, use the following syntax without the
ipsec_config command name (add gateway gwy_policy_name ...).
Refer to the ipsec_config (1M) manpage for complete syntax information.
NOTE You can omit the gateway IPsec policy for the Home Agent -
Correspondent Node segments if you are using the default gateway
IPsec policy shipped with HP-UX IPSec, which forwards all gateway
packets in clear text.

ipsec_config add gateway gwy_policy_name
    -source mn_home_addr[/prefix] -destination cn_addr
    -protocol MH [-priority priority_number] -action FORWARD
    -flags MIPV6

gwy_policy_name
The gwy_policy_name is the user-defined name for the gateway IPsec
policy. The gwy_policy_name must be unique for each gateway IPsec
policy and is case-sensitive. The name must be 1 - 63 characters. Each
character must be an ASCII alphanumeric character, hyphen (-), or
underscore (_).
-source mn_home_addr[/prefix]
The mn_home_addr is the Mobile Node’s home address. If you are using
manual keys, this cannot be a wildcard or subnet address. If you are
using IKE, you can specify a subnet address and prefix.
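
The following is an added example, not part of the HP guide: a Python helper that renders add gateway batch-file lines in the syntax above and enforces the gwy_policy_name and -source rules described here before the file reaches ipsec_config. The function names, policy names, and 2001:db8:: addresses are constructed for illustration, and the 0-128 prefix range check is an assumption.

```python
import ipaddress
import re

# Name rule from the guide: 1-63 ASCII alphanumerics, hyphen or underscore.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")

def gateway_line(name, mn_home_addr, cn_addr, keying, prefix=None, priority=None):
    """Build one 'add gateway' batch-file line (no ipsec_config command name)."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid gwy_policy_name: {name!r}")
    if keying not in ("manual", "ike"):
        raise ValueError("keying must be 'manual' or 'ike'")
    src = ipaddress.IPv6Address(mn_home_addr)  # raises on malformed input
    ipaddress.IPv6Address(cn_addr)             # 0::0 wildcard is allowed here
    if keying == "manual" and (prefix is not None or src.is_unspecified):
        raise ValueError("manual keys: source cannot be a wildcard or subnet")
    source = mn_home_addr
    if prefix is not None:
        ipaddress.IPv6Network((mn_home_addr, prefix), strict=False)  # assumed 0-128 check
        source += f"/{prefix}"
    parts = ["add gateway", name, "-source", source,
             "-destination", cn_addr, "-protocol MH"]
    if priority is not None:
        parts.append(f"-priority {int(priority)}")
    parts.append("-action FORWARD -flags MIPV6")
    return " ".join(parts)

def batch_lines(policies):
    """Render policy dicts to batch lines; names must be unique (case-sensitive)."""
    seen, lines = set(), []
    for p in policies:
        if p["name"] in seen:
            raise ValueError(f"duplicate gwy_policy_name: {p['name']}")
        seen.add(p["name"])
        lines.append(gateway_line(**p))
    return lines

# Constructed sample data: manual keys need one policy per Mobile Node,
# IKE can cover several Mobile Nodes with one home prefix.
MANUAL = [
    {"name": "mn1-rr", "mn_home_addr": "2001:db8:1::10", "cn_addr": "0::0", "keying": "manual"},
    {"name": "mn2-rr", "mn_home_addr": "2001:db8:1::11", "cn_addr": "0::0", "keying": "manual"},
]
IKE = [{"name": "home_net", "mn_home_addr": "2001:db8:1::", "cn_addr": "0::0", "keying": "ike", "prefix": 64}]

if __name__ == "__main__":
    print("\n".join(batch_lines(MANUAL) + batch_lines(IKE)))
```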