HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 2: (Recommended) Securing Return Routability Messages Routed Through the Home Agent
Appendix F298
If you are using IKE, you can omit this parameter. The policy will use
the destination address and prefix from the -destination argument.
-source
cn_addr
The
cn_addr
is the Correspondent Node’s address. In
many cases, there will be a large number of possible Correspondent
Nodes and you may want to use the IPv6 wildcard address instead
(0::0).
-destination
mn_home_addr
[/
prefix
] The
mn_home_addr
is the
Mobile Node’s home address. If you are using manual keys, this cannot
be a wildcard or subnet address. If you are using IKE, you can specify a
subnet address and prefix.
-protocol MH The protocol must be MH (Mobile IPv6 Mobility Headers).
-action
transform_name
The
transform_name
must be an
authenticated ESP transform with a non-null authentication method,
according to the Mobile IPv6 protocol specification. For example,
ESP_AES128_HMAC_SHA1. The transform cannot be a nested transform.
-in and -out
manual_key_sa_specification
If you are using
manual keys, you must specify the inbound and outbound manual key
information. If you are using IKE, omit these parameters.
The format for
manual_key_sa_specification
is defined in “Manual
Key SA Format” on page 286.