HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
If you are using manual keys, prefix must be 32 if ip_addr is an IPv4 address or 128 if
ip_addr is an IPv6 address.
The following table shows the range and default for IPv4 and IPv6 addresses. The
defaults apply to non-zero addresses.
Type    Range      Default
IPv4    0 - 32     32 (0 for all-zero addresses)
IPv6    0 - 128    128 (0 for all-zero addresses)
The default is 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
port The upper-layer protocol (TCP or UDP) port number. Specify the upper-layer protocol
with the -protocol argument described below.
Acceptable values: 0 - 65535. 0 indicates all ports. The value of the -protocol argument
must be TCP or UDP if port is not zero.
Default: 0 (all ports).
service_name
A character string that specifies a network service. The ipsec_config utility will add
a policy to the configuration database with the appropriate port number and protocol, as
listed below. You cannot specify service_name and the -protocol argument in the
same policy.
service_name Port Protocol
DNS-TCP 53 TCP
DNS-UDP 53 UDP
FTP-DATA 20 TCP
FTP-CONTROL 21 TCP
HTTP-TCP 80 TCP
HTTP-UDP 80 UDP
NTP 123 UDP
REXEC 512 TCP
RLOGIN 513 TCP
RWHO 513 UDP
REMSH 514 TCP
REMPRINT 515 TCP
SMTP 25 TCP
TELNET 23 TCP
TFTP 69 UDP
-prot[ocol] protocol_id
Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the
address filter to select an IPsec policy for a packet. You cannot specify the -protocol
argument and a service_name in the same policy.
Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following
protocol names: TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header),
ALL (any protocol).
protocol_id must be TCP or UDP if port_number is specified and is not zero.
ICMPV6: Specifying ICMPV6 affects only the following ICMPv6 messages: Echo Request,
Echo Reply, Mobile Prefix Solicitation, Mobile Prefix Advertisement.
To ensure proper operation of IPv6 networks, HP-UX IPSec always allows all ICMPv6
messages not listed above to pass in clear text.
CAUTION: Discarding or requiring ICMP messages (Internet Control Message Protocol
messages for IPv4; protocol value 1) to be encrypted or authenticated may cause
connectivity problems.
Default: If you do not specify protocol_id, ipsec_config uses the value of the protocol
parameter in the GWPolicy-Defaults section of the profile file used. The default value for
protocol is ALL in /var/adm/ipsec/.ipsec_profile.
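The prefix, port, service_name and -protocol rules above interact, so a filter can be checked before it is handed to ipsec_config. The following is an added example, not part of the HP-UX IPSec product or this manpage: check_filter, its argument order, and the single port-or-service_name argument are assumptions of this helper, and the address in the usage comment is constructed.

```shell
#!/bin/sh
# Added example: lint one address-filter spec against the rules on this page.
# Usage: check_filter ADDR PREFIX PORT_OR_SERVICE PROTOCOL MANUAL_KEYS
# "" means omitted; MANUAL_KEYS is yes or no. The argument layout is hypothetical.
# Prints the resolved "prefix port protocol", or an error on stderr (status 1).
fail() { echo "error: $*" >&2; }

check_filter() {
    addr=$1 prefix=$2 pos=${3:-0} proto=$4 manual=${5:-no} port=0
    case $addr in *:*) max=128 ;; *) max=32 ;; esac           # IPv6 or IPv4
    case $addr in 0.0.0.0|0::0) def=0 ;; *) def=$max ;; esac  # all-zeros: match any
    prefix=${prefix:-$def}
    case $prefix in *[!0-9]*) fail "prefix must be an integer"; return 1 ;; esac
    [ "$prefix" -le "$max" ] || { fail "prefix $prefix outside 0-$max"; return 1; }
    if [ "$manual" = yes ] && [ "$prefix" -ne "$max" ]; then
        fail "manual keys require prefix $max"; return 1
    fi
    case $pos in
        *[!0-9]*)   # not a number: treat it as a service_name
            [ -z "$proto" ] || { fail "service_name and -protocol conflict"; return 1; }
            case $pos in
                DNS-TCP)  port=53  proto=TCP ;;  DNS-UDP)     port=53  proto=UDP ;;
                FTP-DATA) port=20  proto=TCP ;;  FTP-CONTROL) port=21  proto=TCP ;;
                HTTP-TCP) port=80  proto=TCP ;;  HTTP-UDP)    port=80  proto=UDP ;;
                NTP)      port=123 proto=UDP ;;  REXEC)       port=512 proto=TCP ;;
                RLOGIN)   port=513 proto=TCP ;;  RWHO)        port=513 proto=UDP ;;
                REMSH)    port=514 proto=TCP ;;  REMPRINT)    port=515 proto=TCP ;;
                SMTP)     port=25  proto=TCP ;;  TELNET)      port=23  proto=TCP ;;
                TFTP)     port=69  proto=UDP ;;
                *) fail "unknown service_name $pos"; return 1 ;;
            esac ;;
        *)  port=$pos
            [ "$port" -le 65535 ] || { fail "port $port outside 0-65535"; return 1; }
            proto=${proto:-ALL}   # default value in /var/adm/ipsec/.ipsec_profile
            case $proto in
                TCP|UDP|ICMP|ICMPV6|IGMP|MH|ALL) ;;
                *[!0-9]*) fail "unknown protocol $proto"; return 1 ;;
                *) [ "$proto" -le 255 ] || { fail "protocol outside 0-255"; return 1; } ;;
            esac
            if [ "$port" -ne 0 ]; then   # a non-zero port needs TCP or UDP by name
                case $proto in TCP|UDP) ;; *) fail "port $port needs TCP or UDP"; return 1 ;; esac
            fi ;;
    esac
    echo "$prefix $port $proto"
}
# check_filter 192.0.2.10 "" TELNET "" no    -> 32 23 TCP
```

A non-zero port with -protocol omitted is rejected here because the profile default ALL does not satisfy the TCP-or-UDP rule; the page states the rule and the default, not how ipsec_config itself reacts to that combination.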
HP-UX IPSec A.02.01 12 Hewlett-Packard Company 19