HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

301

302

303

304

305

306

307

308

309

310

HP-UX IPSec and HP-UX Mobile IPv6

Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent

Appendix F304

Syntax

ipsec_config add gateway

gwy_policy_name

-source

cn_addr

-destination

mn_home_addr

prefix

]

-protocol ALL [-priority

priority_number

]

-tunnel

payload_tunnel_name

-action FORWARD -flags MIPV6

[-homeclear

interface_name

]

gwy_policy_name

The

gwy_policy_name

is the user-defined name for

the gateway IPsec policy. This name must be unique for each gateway

IPsec policy and is case-sensitive. The name must be 1 - 63 characters.

Each character must be an ASCII alphanumeric character, hyphen (-), or

underscore (_).

-source

cn_addr

The

cn_addr

is the Correspondent Node’s address. In

many cases, there will be a large number of possible Correspondent

Nodes and you may want to use the IPv6 wildcard address instead

(0::0).

-destination

mn_home_addr

prefix

] The

mn_home_addr

is the

Mobile Node’s home address. If you are using manual keys, this cannot

be a wildcard or subnet address. If you are using IKE, you can specify a

subnet address and prefix.

-priority

priority_number

The

priority_number

is the priority

value HP-UX IPSec uses when selecting a gateway IPsec policy (a lower

priority value has a higher priority). The priority must be unique for

each gateway IPsec policy. The range is 1 - 2147483647.

The priority must be lower than the priority for the policy configured for

the Mobile Node in “Step 2B: Return Routability Messages: Configuring

the Home Agent - Mobile Node Gateway IPsec Policy” on page 295.

-tunnel

payload_tunnel_name

The

payload_tunnel_name

is the name of the tunnel policy that defines

the tunnel between the Mobile Node and the Home Agent, as configured

in the following section.

-action FORWARD The action must be FORWARD.

-homeclear

interface_name

The

interface_name

specifies the name

of the physical interface that is the home link for the Mobile IPv6

node(s). HP-UX IPSec will not secure packets to the Mobile Node when

the Mobile Node is attached to the home link.