Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
341342343344345346347348349350
HP-UX IPSec and Serviceguard
Step 2: Configuring HP-UX Host IPsec Policies for Serviceguard
Appendix G336
Specify the following values for the remaining filter fields in the host
IPsec policies:
Protocol: ALL
Source and destination ports: 0 (all ports)
For the cluster shown in Figure G-1 on page 327, one way to configure
PASS host ipsec policies for the heartbeat address pairs is to configure six
host ipsec policies with the following filter specifications:
CAUTION Use caution when configuring “open” host ipsec policies (policies that
allow all or most packets to pass in clear text). For more information, see
“Maximizing Security” on page 91.
Private Dedicated Heartbeat Networks
If you are using a dedicated heartbeat network that is also a private
network, you can simplify your configuration by replacing the heartbeat
address filters in the private network with one host IPsec policy for the
Source IP
Address/
Prefix
Destination
IP Address/
Prefix
Protocol
Source
Port
Destination
Port
10.0.0.0/8 10.1.1.1/32 ALL 00
10.0.0.0/8 10.2.2.2/32 ALL 0 0
10.0.0.0/8 10.3.3.3/32 ALL 0 0
15.0.0.0/8 15.1.1.1/32 ALL 0 0
15.0.0.0/8 15.2.2.2/32 ALL 0 0
15.0.0.0/8 15.3.3.3/32 ALL 0 0