HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Mobile IPv6 Manual Key Configuration Example
Appendix F316
Policies for Return Routability Messages (Step 2)
There are two gateway policies and a tunnel policy for Return
Routability messages. You can skip this step if you going to secure
payload packets routed through the Home Agent (Step 4).
Gateway IPsec Policy for Home Agent - Correspondent Node
Segments (Step 2A)
You can omit this policy if you are using the default gateway IPsec
policy shipped with HP-UX IPSec.
add gateway mn2222_rr_to_cn \
-source 2001:db8:11:11::fefe:2222 \(Mobile Node’s Home Address)
-destination 0::0 \(wildcard for any Correspondent Node)
-protocol MH -pri 200 -action FORWARD -flags MIPV6
Gateway IPsec Policy for Home Agent - Mobile Node Segments
(Step 2B)
add gateway mn2222_rr_to_mobile_node \
-source 0::0 \(wildcard for any Correspondent Node)
-destination 2001:db8:11:11::fefe:2222 \(Mobile Node’s Home
Address)
-protocol MH -pri 210 -tunnel mn2222_rr_tunnel \
-action FORWARD -flags MIPV6
Return Routability Tunnel IPsec Policy (Step 2C)
The following tunnel policy configures the tunnel between the local
system (Home Agent) and the Mobile Node for Mobile. The Home Agent
uses this tunnel when forwarding MH protocol packets between the
Mobile Node and the Correspondent Node. The tunnel endpoints are the
Mobile Node and the local system (Home Agent).
add tunnel mn2222_rr_tunnel \
-tsource 2001:db8:11:11::fefe:1111 \(Home Agent)
-tdestination 2001:db8:11:11::fefe:2222 \(Mobile Node’s Home
Addr.)
-source 0::0 \(wildcard for any Correspondent Node)
-destination 2001:db8:11:11::fefe:2222 \(Mobile Node’s Home
Address)
-protocol MH \
-action ESP_AES128_HMAC_SHA1 \