HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
Features
Chapter 1 35
The HP-UX IPSec product includes the configuration and
management features listed below.
Easy-to-use configuration utilities
You configure HP-UX IPSec using ipsec_config, which allows
batch mode operation.
Flexible, packet-based configuration
You control IPsec behavior by defining packet filters in IPsec
policies. An IPsec policy contains a packet filter definition and
list of actions or transforms (pass, discard, use ESP or AH) to
apply to the packets. The packet filter definition contains the
following fields:
local IP address
local address prefix length (for subnet addresses)
remote IP address
remote address prefix length (for subnet addresses)
upper-layer protocol (such as TCP, UDP, or ICMP)
local TCP or UDP port number
remote TCP or UDP port number
You can specify wildcards (match any value) for field values. You
can also select a network service for the filter, such as telnet,
instead of the upper-layer protocol and port numbers.
Bypass address configuration
You can configure HP-UX IPSec to bypass, or ignore, local IP
interfaces that you do not need to secure. This feature is useful
for internal networks where most traffic passes in clear text and
only specific applications need to be secured.
Configuration test utility
The ipsec_policy utility takes a packet definition (local and
remote IP addresses, upper-layer protocol, local and remote port
numbers) as input and reports the IPsec policy that HP-UX
IPSec would apply to packets matching the definition.
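The filter fields and the policy lookup described above, modelled as an added illustration (not HP-UX IPSec code): each filter field may be a wildcard, addresses are matched against a prefix length, and a lookup_policy function plays the role of ipsec_policy by reporting which policy a packet definition hits. The first-match ordering and the catch-all discard policy are assumptions, and the sample policies are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard field value: matches anything

@dataclass(frozen=True)
class Packet:
    local_ip: str
    remote_ip: str
    protocol: str                        # "tcp", "udp" or "icmp"
    local_port: Optional[int] = None     # None for protocols without ports
    remote_port: Optional[int] = None
def in_subnet(addr: str, net_ip: Optional[str], prefix: int) -> bool:
    # True if addr lies in net_ip/prefix; a wildcard net_ip matches all
    if net_ip is ANY:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(
        f"{net_ip}/{prefix}", strict=False)
@dataclass(frozen=True)
class Filter:
    local_ip: Optional[str] = ANY
    local_prefix: int = 32               # prefix length; 32 is a single host
    remote_ip: Optional[str] = ANY
    remote_prefix: int = 32
    protocol: Optional[str] = ANY
    local_port: Optional[int] = ANY
    remote_port: Optional[int] = ANY

    def matches(self, pkt: Packet) -> bool:
        return (in_subnet(pkt.local_ip, self.local_ip, self.local_prefix)
                and in_subnet(pkt.remote_ip, self.remote_ip, self.remote_prefix)
                and self.protocol in (ANY, pkt.protocol)
                and self.local_port in (ANY, pkt.local_port)
                and self.remote_port in (ANY, pkt.remote_port))
@dataclass(frozen=True)
class Policy:
    name: str
    filter: Filter
    action: str                          # "pass", "discard", "esp" or "ah"
def lookup_policy(policies: List[Policy], pkt: Packet) -> Policy:
    # Assumed ordering: first matching filter wins; constructed catch-all otherwise
    for pol in policies:
        if pol.filter.matches(pkt):
            return pol
    return Policy("default", Filter(), "discard")
# Constructed sample policies: ESP for telnet to one server, the internal /16 in clear
POLICIES = [
    Policy("telnet-esp", Filter(remote_ip="192.0.2.10", protocol="tcp", remote_port=23), "esp"),
    Policy("lan-clear", Filter(remote_ip="10.1.0.0", remote_prefix=16), "pass"),
]
```

Because the lookup stops at the first match, a broad clear-text filter listed ahead of a narrower ESP filter would silently take precedence, which is exactly the kind of ordering mistake a test utility such as ipsec_policy is meant to surface.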
Audit logging