HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
Appendix F (page 302)
• The protocol argument value is ALL.
• The priority_number must be greater (lower priority) than the policy configured in “Step 2A: Return Routability Messages: Configuring the Home Agent - Correspondent Node Gateway IPsec Policy” on page 293.
NOTE You can omit this policy if you are using the default gateway IPsec
policy shipped with HP-UX IPSec, which forwards all gateway packets in
clear text.
Syntax

ipsec_config add gateway gwy_policy_name
    -source mn_home_addr[/prefix] -destination cn_addr
    -protocol ALL [-priority priority_number]
    -action FORWARD -flags MIPV6

gwy_policy_name
The gwy_policy_name is the user-defined name for the gateway IPsec policy. This name must be unique for each gateway IPsec policy and is case-sensitive. The name must be 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen (-), or underscore (_).

-source mn_home_addr[/prefix]
The mn_home_addr is the Mobile Node’s home address. If you are using manual keys, this cannot be a wildcard or subnet address. If you are using IKE, you can specify a subnet address and prefix.

-destination cn_addr
The cn_addr is the Correspondent Node’s address. In many cases, there will be a large number of possible Correspondent Nodes and you may want to use the IPv6 wildcard address instead (0::0).
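
The argument rules above can be checked before the policy is added. The following is an added example, not part of the HP guide or of HP-UX IPSec: build_mipv6_gwy_policy is a hypothetical helper that validates its arguments against those rules and prints the resulting ipsec_config command without running it. The policy name, addresses and priority numbers in the sample call are constructed.

```shell
#!/bin/sh
# Added example, not HP's code: build_mipv6_gwy_policy is a hypothetical helper.
# It checks the arguments against the rules on this page and PRINTS the
# ipsec_config command; it never runs it.
# Args: NAME SRC DST PRIORITY STEP2A_PRIORITY KEYING   (KEYING = ike | manual)
build_mipv6_gwy_policy() (   # subshell body: LC_ALL and variables stay local
    LC_ALL=C; export LC_ALL  # make [A-Za-z0-9] mean ASCII only
    name=$1 src=$2 dst=$3 prio=$4 step2a=$5 keying=$6
    fail() { echo "rejected: $1" >&2; exit 1; }

    # gwy_policy_name: 1-63 characters, ASCII alphanumeric, hyphen or underscore.
    case $name in
        ''|*[!A-Za-z0-9_-]*) fail "policy name is empty or has illegal characters" ;;
    esac
    [ "${#name}" -le 63 ] || fail "policy name is longer than 63 characters"

    # priority_number must be greater (lower priority) than the Step 2A policy's.
    for n in "$prio" "$step2a"; do
        case $n in ''|*[!0-9]*) fail "priorities must be decimal numbers" ;; esac
    done
    [ "$prio" -gt "$step2a" ] || fail "priority must be greater than $step2a"

    # -source: with manual keys, no wildcard and no address/prefix form.
    # (A subnet address written without a prefix cannot be detected here.)
    case $keying in
        ike) ;;
        manual)
            case $src in
                */*|::|0::0) fail "manual keys need a single home address" ;;
            esac ;;
        *) fail "keying must be ike or manual" ;;
    esac
    [ -n "$src" ] && [ -n "$dst" ] || fail "source and destination are required"

    printf 'ipsec_config add gateway %s -source %s -destination %s -protocol ALL -priority %s -action FORWARD -flags MIPV6\n' \
        "$name" "$src" "$dst" "$prio"
)

# Constructed sample values (2001:db8::/32 is the IPv6 documentation prefix).
build_mipv6_gwy_policy mn1_payload 2001:db8:1::10 0::0 30 20 manual
```
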