HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Mobile IPv6 Dynamic Key Configuration Example
Appendix F
Payload Packets Routed Through the Home Agent (Step 4)
This step is optional.
There are two gateway policies and a tunnel policy to secure payload
messages between the Mobile Node and the Correspondent Node when
they are routed through the local node (Home Agent).
Priority for Payload Gateway IPsec Policies
The priority values for these policies must be greater (lower priority)
than those of the gateway IPsec policies configured for the Return
Routability messages, and the protocol is ALL.
Gateway IPsec Policy for Home Agent - Correspondent Node Segments (Step 4A)
You can omit this policy if you are using the default IPsec gateway
policy shipped with HP-UX IPSec.
add gateway mipv6_payload_to_cn \
    -source 2001:db8:11:11::/64 \
    -destination 0::0 \
    -protocol ALL -pri 300 -action FORWARD -flags MIPV6
Here the source is the Mobile Node subnet address, and the destination
0::0 is a wildcard for any Correspondent Node.
Gateway IPsec Policy for Home Agent - Mobile Node Segments (Step 4B)
add gateway mipv6_payload_to_mobile_node \
    -source 0::0 \
    -destination 2001:db8:11:11::/64 \
    -protocol ALL -pri 310 -tunnel mn2222_payload_tunnel \
    -action FORWARD -flags MIPV6
Here the source 0::0 is a wildcard for any Correspondent Node, and the
destination is the Mobile Node subnet address.
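The priority rule for the payload gateway policies can be checked mechanically. The following is an added example, not part of the HP guide: it parses entries written in the add gateway form used in Steps 4A and 4B and reports any protocol ALL policy flagged MIPV6 whose -pri value is not greater than that of a Return Routability policy. The Return Routability entry in the sample (its name, -protocol MH, and -pri 100) is an assumption, because those policies are not shown on this page.

```python
import shlex

# Constructed sample input. The two payload policies are the ones from
# Steps 4A and 4B; the Return Routability entry (name, -protocol MH,
# -pri 100) is an assumed stand-in, since those policies are not on this page.
BATCH = r"""
add gateway mipv6_rr_to_cn -source 2001:db8:11:11::/64 \
  -destination 0::0 -protocol MH -pri 100 -action FORWARD -flags MIPV6
add gateway mipv6_payload_to_cn -source 2001:db8:11:11::/64 \
  -destination 0::0 -protocol ALL -pri 300 -action FORWARD -flags MIPV6
add gateway mipv6_payload_to_mobile_node -source 0::0 \
  -destination 2001:db8:11:11::/64 -protocol ALL -pri 310 \
  -tunnel mn2222_payload_tunnel -action FORWARD -flags MIPV6
"""

def parse_gateway_policies(batch_text):
    """Return one dict per 'add gateway' entry, keyed by option name."""
    policies = []
    # Join backslash-continued lines before tokenizing.
    for line in batch_text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["add", "gateway"] or len(tok) < 3:
            continue
        policy = {"name": tok[2]}
        # Every option in these entries is a "-name value" pair.
        for opt, value in zip(tok[3::2], tok[4::2]):
            policy[opt.lstrip("-").lower()] = value
        policy["pri"] = int(policy["pri"])
        policies.append(policy)
    return policies

def check_payload_priorities(policies):
    """List payload (protocol ALL) policies not ordered after every RR policy."""
    mipv6 = [p for p in policies if p.get("flags", "").upper() == "MIPV6"]
    payload = [p for p in mipv6 if p["protocol"].upper() == "ALL"]
    rr = [p for p in mipv6 if p["protocol"].upper() != "ALL"]
    findings = []
    for p in payload:
        for r in rr:
            # The payload -pri value must be strictly greater (lower priority).
            if p["pri"] <= r["pri"]:
                findings.append((p["name"], p["pri"], r["name"], r["pri"]))
    return findings

if __name__ == "__main__":
    for name, pri, rr_name, rr_pri in check_payload_priorities(
            parse_gateway_policies(BATCH)):
        print(f"{name}: -pri {pri} must be greater than {rr_name} (-pri {rr_pri})")
```

An empty result means every payload policy is searched after the Return Routability policies; each tuple in a non-empty result names a payload policy that needs a larger -pri value.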
Payload Tunnel IPsec Policy (Step 4C)
The tunnel between the local system (Home Agent) and the Mobile Node
is similar to the tunnel configured for Return Routability messages,
except that the protocol is ALL, and the manual key SPI numbers and the
keys are different (inbound SPI numbers must be unique).