HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Options and Operands
The ipsec_config add bypass command recognizes the following operand:
ip_address
The address to bypass. This can be a virtual IP address (a secondary IP address configured for an interface, such as an address configured for lan0:1).
An entry in the bypass interface list affects only the logical interface for the IP address, not all logical interfaces on the physical interface (network card). If you have secondary IP interfaces configured for a physical interface (for example, lan0:0, lan0:1, and lan0:2) and you want IPSec to bypass all IP addresses for that physical interface, you must configure all the IP addresses for the physical interface in the bypass list.
Examples
The system has two physical interfaces, both connected to secure, internal networks. You want to use HP-UX IPSec to encrypt traffic on one interface, but disable HP-UX IPSec on the second interface, 12.1.1.1.
ipsec_config add bypass 12.1.1.1
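Added example (not part of the HP-UX manpage): because a bypass entry covers only one logical interface, this POSIX shell check prints the ipsec_config add bypass commands still needed for one physical interface. The function name missing_bypass, the "interface address" input format, and every sample address other than 12.1.1.1 are assumptions constructed for illustration.

```shell
#!/bin/sh
# missing_bypass PHYS "ADDR ADDR ..."
# stdin : one "logical_interface ip_address" pair per line (assumed format,
#         prepared by the administrator from the system's interface listing).
# stdout: one "ipsec_config add bypass <addr>" line for every address on PHYS
#         (PHYS itself or PHYS:N) that is not in the current bypass list.
missing_bypass() {
    awk -v phys="$1" -v bypass="$2" '
        BEGIN {
            # Load the addresses that are already in the bypass list.
            n = split(bypass, b, " ")
            for (i = 1; i <= n; i++) listed[b[i]] = 1
        }
        NF >= 2 {
            name = $1
            sub(/:.*/, "", name)            # lan0:1 -> lan0
            if (name == phys && !($2 in listed))
                print "ipsec_config add bypass " $2
        }
    '
}

# Constructed sample: lan0 carries three logical interfaces, but only
# 12.1.1.1 has been added to the bypass list so far.
demo() {
    missing_bypass lan0 "12.1.1.1" <<'EOF'
lan0:0 12.1.1.1
lan0:1 12.1.1.2
lan0:2 12.1.1.3
lan1 10.0.0.1
EOF
}

demo
```

Any line printed is an address on the physical interface that IPSec still processes; an empty result means every logical interface on it is covered.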
IPSEC_CONFIG ADD CERT COMMAND
Name
add cert
- add a certificate for the local system to the HP-UX IPSec storage scheme
Synopsis
ipsec_config add cert -mycert mycert_filename -cacert cacert_filename
Description
The ipsec_config add cert command loads a certificate for the local system and a certificate for the CA from files and stores the certificates in /var/adm/ipsec/ipsec.cert. The certificate files must be base64 encoded.
The ipsec_config add cert command is one of three ipsec_config commands for using certificates with HP-UX IPSec; the other commands are ipsec_config add csr and ipsec_config add crl.
Options and Operands
The ipsec_config add cert command recognizes the following options and operands:
-mycert mycert_filename
Specifies the name of the base64 file that contains the certificate for the local system.
-cacert cacert_filename
Specifies the name of the base64 file that contains the certificate for the Certificate Authority (CA).
Examples
Add the certificates for the local system and the CA to the HP-UX storage system. The certificates are stored in the base64 files /tmp/host1.pem and /tmp/ca1.pem.
ipsec_config add cert -mycert /tmp/host1.pem -cacert /tmp/ca1.pem
IPSEC_CONFIG ADD CRL COMMAND
Name
add crl
- add a Certificate Revocation List (CRL) to the HP-UX IPSec storage scheme.
Synopsis
ipsec_config add crl -file crl_filename
ipsec_config add crl -ldap server_addr [-port port_number] [-base search_base] [-filter search_filter]
Description
The ipsec_config add crl command retrieves an X.509 CRL in Abstract Syntax Notation 1 (ASN.1) Distinguished Encoding Rules (DER) format from a local file or an LDAP directory. The ipsec_config utility stores the retrieved CRL in the file /var/adm/ipsec/ipsec.cert.
Hewlett-Packard Company, HP-UX IPSec A.02.01