HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Range: 1 - 65535.
Default: 365.
-key-length|klen number_bits
Specifies the key length for the public/private keys, in bits. Verify that the number you specify
is allowed by your CA.
Valid values: 512, 1024, 2048 bits.
Default: 1024.
Examples
Create a CSR for the system myhost with the DN cn=myhost,c=us,o=hp,ou=lab as the subject, and its IPv4 address, 192.6.2.2, in the subjectAlternativeName field.
ipsec_config add csr -subject cn=myhost,c=us,o=hp,ou=lab \
-alt-ipv4 192.6.2.2
IPSEC CONFIG ADD GATEWAY COMMAND
Name
add gateway - configure gateway IPsec policies for HP-UX Mobile IPv6 Home Agents
Synopsis
ipsec_config add gateway|gw gw_policy_name
    [-nocommit|nc]
    [-prof[ile] profile_name]
    [-source|src ip_address [/prefix[/port_number|service_name]]]
    [-destination|dst ip_address [/prefix[/port_number|service_name]]]
    [-prot[ocol] protocol_id]
    [-pri[ority] priority_number]
    [-tun[nel] tunnel_policy_name]
    [-act[ion] FORWARD|FWD|DISC[ARD]]
    [-flags flags]
    [-homeclear|hc interface_name]
Remarks
Use this option only when the local system is an HP-UX Mobile IPv6 Home Agent.
Description
Use the ipsec_config add gateway command to configure gateway IPsec policies. Do not use this
command unless the local system is an HP-UX Mobile IPv6 Home Agent.
Gateway IPsec policies specify HP-UX IPSec behavior when the local system is acting as a gateway
(forwarding packets that the local system receives with a non-local destination IP address). An HP-UX
system can act as a gateway only when it is an HP-UX Mobile IPv6 Home Agent, and forwarding packets
between a Mobile IPv6 client and its Correspondent Node.
To specify behavior for IP packets sent or received by the local system as an end host, use the
ipsec_config add host command to configure host IPsec policies.
When an IPsec system receives a packet for an address that is not on the local system, HP-UX IPSec
searches the gateway IPsec policies in priority order and selects the first policy with address, protocol,
and port specifications that match the packet. HP-UX IPSec then takes the action specified in the
selected gateway IPsec policy.
The HP-UX IPSec configuration database includes a gateway IPsec policy named default. HP-UX
IPSec uses the default gateway IPsec policy when it receives a packet for an address that is not on the
local system and no other gateway IPsec policies match the packet. The default gateway IPsec policy
shipped with HP-UX IPSec forwards packets in clear text (the -action argument value is FORWARD).
You cannot delete the default gateway IPsec policy, or modify any argument values except the
argument for its behavior (the value for the -action argument). You can change the action argument value
so it discards packets using the following command:
ipsec_config add gateway default -action DISCARD
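The first-match lookup and the effect of the default policy's action can be modelled as follows. This Python model is an added example, not HP-UX IPSec code; the GatewayPolicy fields, the sample policies and addresses, and the assumption that a lower priority_number is searched first are illustrative.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class GatewayPolicy:          # hypothetical, simplified model of one gateway policy
    name: str
    priority: int             # assumption: lower number is searched first
    src: str                  # source selector in CIDR form
    dst: str                  # destination selector in CIDR form
    protocol: str             # "ALL" or a protocol name such as "TCP"
    port: int                 # 0 means any port
    action: str               # FORWARD or DISCARD

def matches(p, src, dst, protocol, port):
    """True when the packet's address, protocol and port fit the policy."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(p.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(p.dst)
            and p.protocol in ("ALL", protocol)
            and p.port in (0, port))

def select_policy(policies, default_action, src, dst, protocol, port):
    """Search in priority order, take the first match, else fall to 'default'."""
    for p in sorted(policies, key=lambda p: p.priority):
        if matches(p, src, dst, protocol, port):
            return p.name, p.action
    return "default", default_action

# Constructed sample policies using IPv6 documentation prefixes.
POLICIES = [
    GatewayPolicy("mn_to_cn", 20, "2001:db8:1::/48", "2001:db8:2::/48", "ALL", 0, "FORWARD"),
    GatewayPolicy("block_telnet", 10, "2001:db8:1::/48", "::/0", "TCP", 23, "DISCARD"),
]

if __name__ == "__main__":
    # Both policies match this packet; the one searched first decides.
    print(select_policy(POLICIES, "FORWARD", "2001:db8:1::5", "2001:db8:2::9", "TCP", 23))
    # No configured policy matches: the outcome depends only on the default action.
    for default_action in ("FORWARD", "DISCARD"):
        print(select_policy(POLICIES, default_action, "2001:db8:9::1", "2001:db8:2::9", "UDP", 53))
```

With the shipped default action, any packet that no configured policy covers is forwarded in clear text; with the default set to DISCARD, the same packet is dropped.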
To change the default gateway IPsec policy back so it forwards packets in clear text, use the following
command:
HP-UX IPSec A.02.01 − 10 − Hewlett-Packard Company 17