HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
Appendix F 305
-flags MIPV6 The flags must include MIPV6.
Step 4C: Payload Packets: Configuring the Home
Agent - Mobile Node Tunnel
Configure the tunnel between the Home Agent and Mobile Node used for
payload packets. The syntax is the same as the one used in “Step 2C:
Return Routability Messages: Configuring the Home Agent - Mobile
Node Tunnel” on page 297, except protocol is ALL.
Syntax
ipsec_config add tunnel
payload_tunnel_name
[-tsource
home_agent_addr
] [-tdestination
mn_home_addr
]
-source
cn_addr
-destination
mn_home_addr
-protocol ALL -action
transform_name
[-in
manual_key_sa_specification
-out
manual_key_sa_specification
]
payload_tunnel_name
The
payload_tunnel_name
is the user-defined
name for the payload tunnel IPsec policy. This name must be unique for
each tunnel IPsec policy and is case-sensitive. The name must be 1 - 63
characters. Each character must be an ASCII alphanumeric character,
hyphen (-), or underscore (_).
-tsource
home_agent_addr
The
home_agent_addr
is the Home
Agent’s IP address and cannot be a wildcard or subnet address. This
defines local tunnel endpoint (the tunnel source).
-tdestination
mn_home_addr
The
mn_home_addr
is the Mobile Node’s
home address. This defines the remote tunnel endpoint (the tunnel
destination). This argument is required if you are using manual keys and
cannot be a wildcard or subnet address.
If you are using IKE, you can omit this parameter. The policy will use
the destination address and prefix from the -destination argument.
-source
cn_addr
The
cn_addr
is the Correspondent Node’s address. In
many cases, there will be a large number of possible Correspondent
Nodes and you may want to use the IPv6 wildcard address instead
(0::0).