HP-UX IPSec version A.02.01 manpages
ipsec_admin(1M) ipsec_admin(1M)
(HP-UX IPSec Software Required)
-spi_min spi_min_value
Specifies the lower bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: If you do not specify spi_min_value, the default is the value specified for the spi_min
parameter in the StartUp-Defaults section of the profile file. The default spi_min value is 300.
-spi_max spi_max_value
Specifies the upper bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: If you do not specify spi_max_value, the default is the value specified for the
spi_max parameter in the StartUp-Defaults section of the profile file. The default
spi_max value is 2500000.
-spd_soft spd_soft_limit
Specifies the "soft" limit for the size of the Security Policy Database (SPD). The SPD is the
HP-UX IPSec runtime policy database, with cached policy decisions for packet descriptors
(five-tuples consisting of exact, non-wildcard source IP address, destination IP address,
protocol, source port, and destination port).
When the size of the SPD exceeds the soft limit, HP-UX IPSec logs a warning message to the
system console, and logs an additional warning message to the system console for each 1000
SPD entries added.
The spd_soft_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: If you do not specify spd_soft_limit, the default is the value specified for the spd_soft
parameter in the StartUp-Defaults section of the profile file. The default spd_soft value
is 25 (25000 entries; approximately 58000 Kbytes of memory).
-spd_hard spd_hard_limit
Specifies the "hard" limit for the size of the Security Policy Database (SPD).
When the size of the SPD exceeds the hard limit, HP-UX IPSec stops adding new cache
entries, and discards any packets that do not match existing entries.
The spd_hard_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: If you do not specify spd_hard_limit, the default is the value specified for the
spd_hard parameter in the StartUp-Defaults section of the profile file. The default
spd_hard value is 50 (50000 entries; approximately 116000 Kbytes of memory).
-flushsa|fa
Allows the user to flush all the IKE SAs and IPSec SAs. You can also use this option to clear
the SA database without restarting HP-UX IPSec.
This option is automatically executed when you execute the -stop option.
-flushp|fp
Allows the user to flush the Security Policy database kept by the Policy daemon and the
kernel policy engine without restarting HP-UX IPSec.
This option is automatically executed when you execute the -stop option.
-deletesa|da remote_ip_address
Allows the user to delete the IKE SA and IPSec SAs for a given remote_ip_address.
remote_ip_address must be in dotted-decimal notation for IPv4 addresses or colon-hexadecimal
notation for IPv6 addresses.
RETURN VALUE
Upon successful completion, ipsec_admin returns 0; otherwise it returns 1.
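
The ranges above can be checked before the values are handed to ipsec_admin. The following shell functions are an added example, not part of the HP manpage. The function names, the MIN <= MAX and SOFT <= HARD ordering checks, the decimal-only rule for SPD limits, and the per-unit memory estimate (extrapolated from the stated defaults) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for ipsec_admin limit arguments.
# Function names are hypothetical; ranges are the ones in the manpage text.

# to_dec VALUE: print decimal or 0x-prefixed hex VALUE as decimal. Anything
# else is rejected before it can reach shell arithmetic.
to_dec() {
    case $1 in
        0[xX]*)
            hex=${1#0[xX]}
            case $hex in ''|*[!0-9a-fA-F]*) return 1 ;; esac
            [ ${#hex} -le 8 ] || return 1        # at most 0xFFFFFFFF
            echo $((0x$hex)) ;;
        ''|*[!0-9]*)
            return 1 ;;
        *)
            dec=$1                               # strip leading zeros (no octal)
            while [ ${#dec} -gt 1 ] && [ "${dec#0}" != "$dec" ]; do
                dec=${dec#0}
            done
            [ ${#dec} -le 10 ] || return 1
            echo "$dec" ;;
    esac
}

# check_spi MIN MAX: both within 1 - 4294967295. MIN <= MAX is an assumption
# drawn from "lower bound" / "upper bound"; the page does not state it.
check_spi() {
    lo=$(to_dec "$1") || return 1
    hi=$(to_dec "$2") || return 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 4294967295 ] && [ "$lo" -le "$hi" ]
}

# spd_kbytes UNITS: validate 1 - 1000000 (decimal only, an assumption) and
# print an approximate memory cost. 2320 Kbytes per unit is extrapolated from
# the page's defaults (25 -> 58000 Kbytes, 50 -> 116000 Kbytes).
spd_kbytes() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    units=$(to_dec "$1") || return 1
    [ "$units" -ge 1 ] && [ "$units" -le 1000000 ] || return 1
    echo $((units * 2320))
}

# check_spd SOFT HARD: both valid; SOFT <= HARD is an assumption.
check_spd() {
    soft_kb=$(spd_kbytes "$1") || return 1
    hard_kb=$(spd_kbytes "$2") || return 1
    [ "$soft_kb" -le "$hard_kb" ]
}
```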
HP-UX IPSec A.02.01, Hewlett-Packard Company