HP-UX IPSec version A.02.01 Administrator's Guide
Quick Configuration Procedure and Tips
Step 2: Modifying the Configuration Batch File Template
Chapter 3, page 74
NOTE If you are using HP-UX IPSec on a system with an interface attached to
a public network and an interface on a private network, HP recommends
that you take additional precautions to isolate potential attacks from the
public network. See “Maximizing Security” on page 91 for more
information.
Policy Priority Order and Selection
HP-UX IPSec searches host IPsec and IKE policies in priority order
(within each type of policy). Lower priority values have higher priority
(priority value 1 is the highest priority).
If you have policies with overlapping address specifications, configure
the more specific policies with higher priorities (lower priority values) so
HP-UX IPSec will search them before policies with less specific
addresses.
Automatic Priority Assignment
If you do not specify a priority when creating a policy with the
ipsec_config add command, ipsec_config automatically assigns the
policy a priority so that the new policy is the last policy searched before
the default policy within its policy type. The example in this section does
not specify priority values and uses the values assigned by
ipsec_config.
See “Host Policy Order and Selection” on page 102 and “IKE Policy Order
and Selection” on page 123 for more information.
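
The search order and automatic priority assignment described above can be modeled to check a planned policy set for shadowing before loading it. This is an added example, not HP code and not part of ipsec_config: the policy names, addresses, actions and the priority increment of 10 are constructed assumptions, and only remote-address matching is modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    remote: str    # remote address specification, CIDR form
    action: str    # hypothetical label, unused by the matching logic
    priority: int  # lower value = searched earlier

class PolicyTable:
    """Simplified model of one policy type (for example, host policies)."""
    STEP = 10  # assumed increment; the real increment is not stated on this page

    def __init__(self):
        self.policies = []

    def add(self, name, remote, action, priority=None):
        if priority is None:
            # No priority given: place the policy after all existing ones,
            # so it is the last one searched before the default policy.
            priority = max((p.priority for p in self.policies), default=0) + self.STEP
        self.policies.append(Policy(name, remote, action, priority))

    def ordered(self):
        return sorted(self.policies, key=lambda p: p.priority)

    def select(self, remote_ip):
        """Return the first policy, in priority order, whose address spec matches."""
        addr = ipaddress.ip_address(remote_ip)
        for p in self.ordered():
            if addr in ipaddress.ip_network(p.remote):
                return p.name
        return "default"

    def shadowed(self):
        """List (specific, broad) pairs where broad is searched first and covers specific."""
        order = self.ordered()
        return [(s.name, b.name)
                for i, b in enumerate(order) for s in order[i + 1:]
                if ipaddress.ip_network(s.remote).subnet_of(ipaddress.ip_network(b.remote))]

def build(fix_order):
    """Constructed policy set: a subnet policy added first, then a host policy inside it."""
    t = PolicyTable()
    t.add("subnet_clear", "10.1.0.0/16", "PASS")
    # Without an explicit priority the host policy lands after the subnet policy.
    t.add("host_secure", "10.1.1.5/32", "ESP", priority=5 if fix_order else None)
    return t
```

With `build(False)` the host policy is never reached for 10.1.1.5 because the broader subnet policy is searched first; `build(True)` gives the specific policy the lower priority value and `shadowed()` returns an empty list.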
host-to-host Template File
The /var/adm/ipsec/templates/host-to-host template file is
reproduced below.
######################################################################
# /var/adm/ipsec/templates/host-to-host
#
# Sample ipsec_config batch file for securing host-to-host IP packets
# using IKE and preshared keys.
#
# Copyright 2005, Hewlett-Packard Development Company L.P.