HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and Serviceguard
Step 2: Configuring HP-UX Host IPsec Policies for Serviceguard
Appendix G334
Step 2: Configuring HP-UX Host IPsec Policies
for Serviceguard
Overview
Use the procedure described in Chapter 4, “Step 1: Configuring Host
IPsec Policies” on page 102 to configure host IPsec policies, with the
following additional requirements:
•Configure PASS host IPsec policies for all packets sent between the
heartbeat IP addresses. This ensures that Serviceguard does not
unnecessarily reform the cluster because of delays introduced by
HP-UX IPSec. This also ensures that HP-UX IPSec does not encrypt,
authenticate, or discard other Serviceguard control messages.
• If you are using the optional Serviceguard Quorum Server, remote
command execution, ServiceGuard Manager, or ServiceGuard
Cluster Object Manager services, you must configure HP-UX IPSec
so it does not discard control messages for these services. Table G-1
on page 343 provides a summary of the port numbers and protocols
for these services.
This section describes the Serviceguard cluster information you need to
determine before configuring host IPsec policies. It also describes how to
configure host IPsec policies for package addresses, heartbeat IP
addresses, and optional Serviceguard services. This section also contains
a summary of the port numbers and protocols used by Serviceguard
services.
This section contains the following subsections:
• “Determining Serviceguard Cluster Information” on page 335
• “Configuring Host IPsec Policies for Package Addresses” on page 335
• “Configuring PASS Host IPsec Policies for Heartbeat IP Addresses”
on page 335
• “Configuring Host IPsec Policies for Serviceguard Quorum Server”
on page 337
• “Configuring Host IPsec Policies for Remote Command Execution” on
page 338