HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 3: (Recommended) Securing Prefix Discovery Messages Between the Home Agent and Mobile Node
Appendix F
If the Mobile Node supports prefix discovery, RFC 3776 specifies that
you should use IPsec to secure the ICMPv6 Mobile Prefix Solicitation
and Mobile Prefix Advertisement messages. You can skip this step if
the Mobile Nodes do not support prefix discovery.
To secure Prefix Discovery packets, configure host IPsec policies on the
Home Agent that secure ICMPv6 packets exchanged with the Mobile
Nodes. These policies also enable IPsec for ICMPv6 Echo Request and
Echo Reply messages.
If you are using manual keys, you must configure one host policy on the
Home Agent for each Mobile Node. If you are using IKE, you can
configure one host IPsec policy for multiple Mobile Nodes by specifying a
subnet address and prefix for the destination address in the policy.
Syntax
You can use the following ipsec_config add host syntax on the Home
Agent to secure Prefix Discovery messages in most topologies. To specify
an add host operation for an ipsec_config batch file, use the following
syntax without the ipsec_config command name (add host host_policy_name ...).
Refer to the ipsec_config(1M) manpage for complete syntax information.
ipsec_config add host host_policy_name
    -source home_agent_addr
    -destination mn_home_addr[/prefix]
    -protocol ICMPV6 [-priority priority_number]
    -action transform_name
    -flags MIPV6
    [-in manual_key_sa_specification
    -out manual_key_sa_specification]
host_policy_name
The host_policy_name is the user-defined name for the host IPsec policy.
This name must be unique for each host IPsec policy and is
case-sensitive. The name must be 1 - 63 characters. Each character must
be an ASCII alphanumeric character, hyphen (-), or underscore (_).
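As an added example (not from the HP guide or the ipsec_config tooling), the following shell functions check a host_policy_name against the rule above and print the batch-file form of the add host line for the IKE case, where one policy covers a home subnet. The function names, the 2001:db8 addresses, the priority 30 and the transform name ESP_AES128_HMAC_SHA1 are assumptions chosen for illustration; use a transform your installation supports.

```shell
#!/bin/sh
# Added example: validate a host_policy_name and emit an ipsec_config batch-file
# line for the Prefix Discovery policy (IKE case, so no -in/-out SA specification).

# valid_policy_name NAME
# Returns 0 only if NAME is 1-63 characters, each an ASCII alphanumeric,
# hyphen or underscore. Runs in a subshell with LC_ALL=C so that bracket
# ranges and ${#name} are byte-based and accented letters are rejected.
valid_policy_name() (
    LC_ALL=C
    name=$1
    [ -n "$name" ] || exit 1
    [ "${#name}" -le 63 ] || exit 1
    case $name in
        *[!A-Za-z0-9_-]*) exit 1 ;;
    esac
    exit 0
)

# prefix_policy_line NAME HOME_AGENT_ADDR MN_DEST TRANSFORM [PRIORITY]
# MN_DEST is mn_home_addr or mn_home_addr/prefix. Prints one batch-file line
# (the syntax without the ipsec_config command name) or returns non-zero.
prefix_policy_line() {
    [ $# -ge 4 ] || { echo "usage: prefix_policy_line name ha_addr mn_dest transform [priority]" >&2; return 2; }
    valid_policy_name "$1" || { echo "invalid host_policy_name: $1" >&2; return 1; }
    prio=""
    if [ -n "${5:-}" ]; then
        case $5 in
            *[!0-9]*) echo "priority must be a number: $5" >&2; return 1 ;;
        esac
        prio=" -priority $5"
    fi
    printf 'add host %s -source %s -destination %s -protocol ICMPV6%s -action %s -flags MIPV6\n' \
        "$1" "$2" "$3" "$prio" "$4"
}

# Constructed sample values (documentation prefix 2001:db8::/32, assumed transform):
# one IKE policy covering every Mobile Node on the home subnet.
prefix_policy_line mn_prefix_disc 2001:db8:1::1 2001:db8:1::/64 ESP_AES128_HMAC_SHA1 30
```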