HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 2: (Recommended) Securing Return Routability Messages Routed Through the Home Agent
Appendix F
-action FORWARD
The action must be FORWARD.
-flags MIPV6
The flags must include MIPV6.
Step 2C: Return Routability Messages: Configuring the Home Agent - Mobile Node Tunnel
Configure the tunnel between the Home Agent and Mobile Node used for
Return Routability packets.
Syntax
You can use the following ipsec_config add tunnel syntax on the
Home Agent to configure the tunnel in most topologies. To specify an add
tunnel operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name (add tunnel
rr_tunnel_name ...). Refer to the ipsec_config (1M) manpage for
complete syntax information.
    ipsec_config add tunnel rr_tunnel_name
        -tsource home_agent_addr [-tdestination mn_home_addr]
        -source cn_addr -destination mn_home_addr
        -protocol MH -action transform_name
        [-in manual_key_sa_specification
        -out manual_key_sa_specification]
rr_tunnel_name
The rr_tunnel_name is the user-defined name for the Return Routability
tunnel IPsec policy. This name must be unique for each tunnel IPsec
policy and is case-sensitive. The name must be 1 - 63 characters. Each
character must be an ASCII alphanumeric character, hyphen (-), or
underscore (_).
-tsource home_agent_addr
The home_agent_addr is the Home Agent’s IP address and cannot be a
wildcard or subnet address. This defines the local tunnel endpoint (the
tunnel source).
-tdestination mn_home_addr
The mn_home_addr is the Mobile Node’s home address. This defines the
remote tunnel endpoint (the tunnel destination). This argument is
required if you are using manual keys and cannot be a wildcard or subnet
address.
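
A pre-flight check for the rules above, added here as an example and not taken from the HP guide: it validates the tunnel name and tunnel endpoints, then prints the add tunnel line for an ipsec_config batch file. The function names, the wildcard forms it rejects, the 2001:db8:: sample addresses and the TRANSFORM_NAME placeholder are assumptions; manual-key specifications are passed through unchanged.

```shell
#!/bin/sh
# Added example: pre-flight check that prints an "add tunnel" batch-file line.
LC_ALL=C   # keep the character ranges below ASCII-only

# Name rule from the guide: 1-63 ASCII alphanumerics, hyphens or underscores.
valid_tunnel_name() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# Assumption: wildcard/subnet endpoints are written with "*", a "/prefix"
# suffix, or as an all-zero address such as "::" or "0.0.0.0".
single_host_addr() {
    case $1 in ''|*'*'*|*/*) return 1 ;; esac
    case $1 in *[!0:.]*) return 0 ;; esac
    return 1
}

fail() { echo "rr_tunnel_line: $1" >&2; }

# rr_tunnel_line NAME HA_ADDR TDEST CN_ADDR MN_HOME_ADDR TRANSFORM [IN_SA OUT_SA]
# TDEST may be "" to omit -tdestination; IN_SA/OUT_SA are passed through as-is.
rr_tunnel_line() {
    name=$1 ha=$2 tdest=$3 cn=$4 mn=$5 xform=$6 in_sa=${7-} out_sa=${8-}
    valid_tunnel_name "$name" || { fail "invalid tunnel name"; return 1; }
    single_host_addr "$ha" || { fail "-tsource must be a single address"; return 1; }
    if [ -n "$in_sa$out_sa" ]; then
        [ -n "$in_sa" ] && [ -n "$out_sa" ] || { fail "-in and -out go together"; return 1; }
        [ -n "$tdest" ] || { fail "manual keys require -tdestination"; return 1; }
    fi
    line="add tunnel $name -tsource $ha"
    if [ -n "$tdest" ]; then
        single_host_addr "$tdest" || { fail "-tdestination must be a single address"; return 1; }
        # The syntax uses mn_home_addr for both -tdestination and -destination.
        [ "$tdest" = "$mn" ] || { fail "-tdestination must equal -destination"; return 1; }
        line="$line -tdestination $tdest"
    fi
    line="$line -source $cn -destination $mn -protocol MH -action $xform"
    if [ -n "$in_sa" ]; then line="$line -in $in_sa -out $out_sa"; fi
    echo "$line"
}

# Constructed sample values: documentation-prefix addresses, placeholder transform.
rr_tunnel_line rr_mn1 2001:db8:1::1 2001:db8:1::100 2001:db8:2::5 \
    2001:db8:1::100 TRANSFORM_NAME
```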