Manualshelf

HP-UX IPSec version A.02.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
71727374757677787980
Quick Configuration Procedure and Tips
Step 2: Modifying the Configuration Batch File Template
Chapter 376
# Subnet and IPv6 Addresses
# -------------------------
# In the address specifications, the IP address prefix (32) follows the
# IP address.
# To use the host policies for subnet topologies, change
# the address prefix length to the appropriate length.
# To use the host policies for IPv6 host-to-host topologies, change
# the address prefix length from 32 to 128.
#
############################################################################
# Case 1 - Host policy to secure outbound telnet
# Refer to the ipsec_config_add manpage for other valid service names.
############################################################################
#
#add host <outbound_telnet_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32/TELNET \
# -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 2 - Host policy to secure inbound telnet
############################################################################
# #add host <inbound_telnet_policy_name> \
# -source <local_ip_address>/32/TELNET -destination <peer_ip_address>/32 \
# -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 3 - Host policy to secure all UDP packets between two hosts
############################################################################
# #add host <udp_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol UDP -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 4 - Host policy to secure all packets between two hosts
#
# NOTE: If you use this policy to secure all packets in an IPv4
# subnet, you may need to insert a policy to allow ICMP packets
# to and from routers to pass in cleartext.
# For example: # add host icmp_clear -destination <router_ip_address> \
# -protocol ICMP -action PASS #
############################################################################
# #add host <all_protocols_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol ALL -action ESP_AES128_HMAC_SHA1
# ############################################################################
#