HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
service_name   Port   Protocol
DNS-TCP        53     TCP
DNS-UDP        53     UDP
FTP-DATA       20     TCP
FTP-CONTROL    21     TCP
HTTP-TCP       80     TCP
HTTP-UDP       80     UDP
NTP            123    UDP
REXEC          512    TCP
RLOGIN         513    TCP
RWHO           513    UDP
REMSH          514    TCP
REMPRINT       515    TCP
SMTP           25     TCP
TELNET         23     TCP
TFTP           69     UDP
-prot[ocol] protocol_id
Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the
address filter to select an IPsec policy for a packet. You cannot specify the -protocol
argument and a service_name in the same policy.
Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following
protocol names: TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), ALL (any protocol).
protocol_id must be TCP or UDP if port_number is specified and is not zero.
ICMPV6: Specifying ICMPV6 affects only the following ICMPv6 messages: Echo Request, Echo Reply,
Mobile Prefix Solicitation, Mobile Prefix Advertisement.
To ensure proper operation of IPv6 networks, HP-UX IPSec always allows all ICMPv6 messages
not listed above to pass in cleartext.
CAUTION: Discarding or requiring ICMP messages for IPv4 (protocol value 1) to be
encrypted or authenticated may cause connectivity problems.
Default: If you do not specify protocol_id, ipsec_config uses the value of the protocol
parameter in the HostPolicy-Defaults section of the profile file used. The default value
for protocol is ALL in /var/adm/ipsec/.ipsec_profile.
-pri[ority] priority_number
The priority value HP-UX IPSec will use when selecting a host IPsec policy (a lower priority
value has a higher priority). The priority must be unique for each host IPsec policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set
to the current highest priority value (lowest priority) for host IPsec policies in the configuration
database, incremented by the automatic priority increment value (priority) for host IPsec policies
specified in the HostPolicy-Defaults section of the profile file used (this policy will
be the last policy evaluated before the default policy). The default automatic priority increment
value (priority) is 10 in /var/adm/ipsec/.ipsec_profile.
If this is the first host IPsec policy created, ipsec_config uses the automatic priority
increment value as the priority.
-tunnel tunnel_policy_name
If packets using this host IPsec policy will be tunneled and the local system is one of the tunnel
endpoints, enter the name of the tunnel IPsec policy to use with this host IPsec policy.
-act[ion] PASS|DISC[ARD]|transform_list
Specifies the action HP-UX IPSec will perform on packets using this policy.
The action must be PASS if this is an end system in a host-to-host tunnel topology.
Default: The action defined for the action parameter in the HostPolicy-Defaults section
of the profile file used. The default definition for action is DISCARD in
/var/adm/ipsec/.ipsec_profile.
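The -protocol and -priority rules above, expressed as a pre-flight check for planned host
policies. This is an added example, not HP code or part of the original manpage; the function
names, the error wording and the sample priorities are assumptions made for illustration.

```python
# Added example (not HP code): pre-flight checks modelled on the rules in this section.
SERVICES = {  # service_name: (port, protocol), copied from the table on this page
    "DNS-TCP": (53, "TCP"), "DNS-UDP": (53, "UDP"), "FTP-DATA": (20, "TCP"),
    "FTP-CONTROL": (21, "TCP"), "HTTP-TCP": (80, "TCP"), "HTTP-UDP": (80, "UDP"),
    "NTP": (123, "UDP"), "REXEC": (512, "TCP"), "RLOGIN": (513, "TCP"),
    "RWHO": (513, "UDP"), "REMSH": (514, "TCP"), "REMPRINT": (515, "TCP"),
    "SMTP": (25, "TCP"), "TELNET": (23, "TCP"), "TFTP": (69, "UDP"),
}
PROTOCOL_NAMES = {"TCP", "UDP", "ICMP", "ICMPV6", "IGMP", "MH", "ALL"}
PRIORITY_MAX = 2147483647


def next_priority(existing, increment=10):
    """Default priority: current highest value plus the increment (10 in the
    shipped profile); the increment itself when no host policy exists yet."""
    return max(existing) + increment if existing else increment


def check_host_policy(existing, protocol=None, service=None, port=0,
                      priority=None, increment=10):
    """Return (effective_priority, errors) for one planned host policy.
    `existing` is the set of priorities already in the configuration database."""
    errors = []
    if protocol is not None and service is not None:
        errors.append("-protocol and a service_name cannot be combined")
    if service is not None and service not in SERVICES:
        errors.append(f"unknown service_name {service!r}")
    if protocol is not None:
        proto = str(protocol).upper()  # assumption: protocol names are case-insensitive
        if proto.isdigit():
            if int(proto) > 255:
                errors.append("numeric protocol_id must be 0-255")
        elif proto not in PROTOCOL_NAMES:
            errors.append(f"unknown protocol name {protocol!r}")
        # Assumption: numeric 6 and 17 (IANA TCP/UDP) are treated like the names.
        if port and proto not in {"TCP", "UDP", "6", "17"}:
            errors.append("protocol_id must be TCP or UDP when port_number is non-zero")
    if priority is None:
        priority = next_priority(existing, increment)
    if not 1 <= priority <= PRIORITY_MAX:
        errors.append("priority out of range 1-2147483647")
    elif priority in existing:
        errors.append(f"priority {priority} is already used by another host policy")
    return priority, errors

if __name__ == "__main__":
    existing = {10, 20, 50}  # constructed sample priorities
    print(check_host_policy(existing, protocol="TCP", port=23))
    print(check_host_policy(existing, protocol="ICMP", port=23, priority=20))
```

Because an omitted priority always lands after every existing host policy, a new rule added without -priority is evaluated last before the default policy, whose shipped action is DISCARD.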
Hewlett-Packard Company HP-UX IPSec A.02.01