HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and Serviceguard
Step 2: Configuring HP-UX Host IPsec Policies for Serviceguard
Appendix G, page 340
The cluster nodes also initiate TCP connections to the remote command
clients using dynamically assigned source and destination ports, as
listed below. You must configure HP-UX IPSec so it does not discard the
packets listed below. However, HP recommends that you do not allow the
packets to pass in clear text. For more information, see “Maximizing
Security” on page 91.

| Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port |
|---|---|---|---|---|
| remote command client address (or wildcard) | cluster node address | TCP | 0 | 0 |

For remote execution of the cmscancl command, HP-UX IPSec must not
discard the following packets:

| Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port |
|---|---|---|---|---|
| remote command client address (or wildcard) | cluster node address | TCP | 0 | 514 |

Configuring Host IPsec Policies for ServiceGuard Manager

If you are using ServiceGuard Manager, you must configure HP-UX IPSec so
it does not discard SNMP traffic between cluster nodes and the
ServiceGuard Manager system. Configure HP-UX IPSec so it does not
discard packets listed in the sections below.
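
An added example (not from the HP guide): a small Python model that checks a planned policy list against the two remote command client rows (TCP 0 0 and TCP 0 514) and flags flows that would be discarded or would pass in clear text. It assumes that port 0 means any port, that the lowest priority number is evaluated first, and that unmatched traffic is discarded; the addresses, policy names and the `ESP_EXAMPLE` transform label are constructed placeholders.

```python
"""Added example: audit a planned policy set against the remote-command rows."""
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:               # simplified model of one host policy (assumption)
    name: str
    src: str                # CIDR; "0.0.0.0/0" stands for the wildcard address
    dst: str
    proto: str
    sport: int              # 0 = any port (assumed meaning of 0 in the tables)
    dport: int
    priority: int           # assumed: lowest number is evaluated first
    action: str             # "DISCARD", "PASS" (clear text) or a transform label

def _hit(p, flow):
    """True when every selector of policy p matches the flow 5-tuple."""
    src, dst, proto, sport, dport = flow
    return (ipaddress.ip_address(src) in ipaddress.ip_network(p.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(p.dst)
            and p.proto == proto
            and p.sport in (0, sport) and p.dport in (0, dport))

def audit(policies, flows, default="DISCARD"):
    """Return {label: verdict}; default is the assumed action when nothing matches."""
    out = {}
    for label, flow in flows.items():
        match = next((p for p in sorted(policies, key=lambda p: p.priority)
                      if _hit(p, flow)), None)
        action = match.action if match else default
        if action == "DISCARD":
            out[label] = "FAIL: discarded"
        elif action == "PASS":
            out[label] = "WARN: clear text"
        else:
            out[label] = "OK: " + action
    return out

# Constructed sample data: addresses, ports and policy names are placeholders.
CLIENT, NODE = "192.0.2.10", "192.0.2.21"
FLOWS = {
    "dynamic ports (row TCP 0 0)": (CLIENT, NODE, "TCP", 40001, 40002),
    "cmscancl (row TCP 0 514)": (CLIENT, NODE, "TCP", 40003, 514),
}
POLICIES = [
    Policy("sg_rcmd", "192.0.2.10/32", "192.0.2.21/32", "TCP", 0, 514, 20, "ESP_EXAMPLE"),
    Policy("sg_clear", "0.0.0.0/0", "192.0.2.21/32", "TCP", 0, 0, 30, "PASS"),
]

if __name__ == "__main__":
    for label, verdict in audit(POLICIES, FLOWS).items():
        print(label, "->", verdict)
```

With the sample policies, the cmscancl flow is protected while the dynamic-port flow is reported as passing in clear text, which is the condition the guide recommends against.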