HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and Serviceguard
Step 2: Configuring HP-UX Host IPsec Policies for Serviceguard
Appendix G 339
The cluster nodes also initiate TCP connections to the remote command
clients using dynamically assigned source and destination ports, as
listed below. You must configure HP-UX IPSec so it does not discard the
packets listed below. However, HP recommends that you do not allow the
packets to pass in clear text. For more information, see “Maximizing
Security” on page 91.

| Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port |
|---|---|---|---|---|
| cluster node address (or wildcard) | remote command client address | TCP | 0 | 0 |

For remote execution of the cmscancl command, HP-UX IPSec must not
discard the following packets:

| Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port |
|---|---|---|---|---|
| cluster node address (or wildcard) | remote command client address | TCP | 514 | 0 |

Remote Command Client Host IPsec Policies

If HP-UX IPSec is installed on the remote command clients, configure
host IPsec policies for the packets listed below with transform lists that
correspond to the policies on the cluster nodes.

| Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port |
|---|---|---|---|---|
| remote command client address (or wildcard) | cluster node address | TCP | 0 | 5302 |
| remote command client address (or wildcard) | cluster node address | UDP | 0 | 5302 |
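The following is an added example, not part of the HP guide: a small audit that checks a host policy list against the packet selectors in the tables above and reports, for each required flow, whether it would be discarded, passed in clear text, protected by a transform, or left unmatched. The policy dictionaries are a hypothetical representation (not ipsec_config syntax), and the code assumes that port 0 and 0.0.0.0/0 act as wildcards and that a lower priority number is evaluated first; the addresses and the ESP_TRANSFORM_LIST name are constructed placeholders.

```python
import ipaddress as ipa

def _match(pol, flow, addr_ok, port_ok):
    ps, pd, pproto, psp, pdp = pol["sel"]
    fs, fd, fproto, fsp, fdp = flow
    return (pproto == fproto and port_ok(psp, fsp) and port_ok(pdp, fdp)
            and addr_ok(ipa.ip_network(ps), ipa.ip_network(fs))
            and addr_ok(ipa.ip_network(pd), ipa.ip_network(fd)))

def overlaps(pol, flow):
    # The selector can match at least some packets of the flow.
    return _match(pol, flow, lambda p, f: p.overlaps(f),
                  lambda p, f: p == 0 or f == 0 or p == f)

def covers(pol, flow):
    # The selector matches every packet of the flow (assumed: 0 = any port).
    return _match(pol, flow, lambda p, f: f.subnet_of(p), lambda p, f: p in (0, f))

def required_flows(node, client):
    # Rows of the tables above: (label, src, dst, protocol, src port, dst port).
    return [("node to client, TCP dynamic ports", node, client, "tcp", 0, 0),
            ("cmscancl, TCP source port 514", node, client, "tcp", 514, 0),
            ("client to node, TCP 5302", client, node, "tcp", 0, 5302),
            ("client to node, UDP 5302", client, node, "udp", 0, 5302)]

def audit(policies, flows):
    report = {}
    for label, *flow in flows:
        actions, covered = [], False
        # Assumed evaluation order: lowest priority number first.
        for pol in sorted(policies, key=lambda p: p["priority"]):
            if overlaps(pol, flow):
                actions.append(pol["action"])
                if covers(pol, flow):  # nothing in this flow reaches later policies
                    covered = True
                    break
        report[label] = ("discarded" if "DISCARD" in actions else
                         "clear text" if "PASS" in actions else
                         "protected" if covered else "unmatched")
    return report

NODE, CLIENT = "192.0.2.11", "192.0.2.50"  # constructed sample addresses
T = "ESP_TRANSFORM_LIST"                   # placeholder for a configured transform list
SAMPLE_POLICIES = [                        # constructed policy list for the audit
    {"priority": 10, "sel": (NODE, CLIENT, "tcp", 514, 0), "action": T},
    {"priority": 20, "sel": (NODE, CLIENT, "tcp", 0, 0), "action": "PASS"},
    {"priority": 30, "sel": ("0.0.0.0/0", NODE, "tcp", 0, 5302), "action": T},
    {"priority": 40, "sel": ("0.0.0.0/0", NODE, "udp", 0, 5302), "action": "DISCARD"},
]
```

Calling `audit(SAMPLE_POLICIES, required_flows(NODE, CLIENT))` returns a verdict per flow; a "discarded" or "unmatched" result marks a flow that needs a policy, and "clear text" marks one that conflicts with HP's recommendation.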