HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
-nocommit|nc
The ipsec_config utility verifies the IKE policy, but does not add it to the configuration
database. This argument is not valid if you specify an add ike operation in a batch file.
-prof[ile] profile_name
The name of the profile file containing default argument values for this policy. The argument
values are evaluated once, when the policy is added to the configuration database. Values used
from the profile file become part of the configuration record for the policy. This argument is
not valid if you specify an add ike operation in a batch file.
Maximum length: 1023 characters.
Default: /var/adm/ipsec/.ipsec_profile.
-rem[ote] ip_addr[/prefix]
The IP address and network prefix length that specifies the remote system or subnet for this
policy. HP recommends that you do not specify a wildcard address (0.0.0.0/0 or 0::0/0).
Wildcard addresses allow unauthorized systems to engage in IKE negotiations with the local
system.
ip_addr
The remote IP address.
Acceptable values: An IPv4 address in dotted-decimal notation or an IPv6
address in colon-hexadecimal notation. HP-UX IPSec does not support unspecified
IPv6 addresses. However, you can use the double-colon (::) notation within a
specified IPv6 address to denote a number of zeros (0) within an address. The
address cannot be a broadcast, subnet broadcast, multicast, or anycast address.
Default: None.
prefix
The prefix length, or the number of leading bits that must match when comparing
an IP address of the remote system with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in both
addresses must match. Use a value less than 32 to specify a subnet address filter.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in both
addresses must match. Use a value less than 128 to specify a subnet address filter.
The following table shows the range and default for IPv4 and IPv6 addresses. The
defaults apply to non-zero addresses.
Type    Range      Default
IPv4    0 - 32     32 (0 if address is all-zeros)
IPv6    0 - 128    128 (0 if address is all-zeros)
The default is 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
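The following check is an added example, not part of the HP manpage or of HP-UX IPSec. It resolves -remote values using the prefix defaults described above and flags wildcard entries before they reach ipsec_config. The function names and the sample values are constructed for illustration.

```python
import ipaddress

def resolve_remote(spec):
    """Resolve a -remote value (ip_addr[/prefix]) using the documented defaults.

    Returns (network, is_wildcard). Raises ValueError for a malformed address,
    a prefix outside the documented range, or a multicast/broadcast address.
    Subnet broadcast and anycast addresses cannot be recognised from the
    address alone, so this sketch does not try to detect them.
    """
    addr_text, sep, prefix_text = spec.partition("/")
    addr = ipaddress.ip_address(addr_text)        # ValueError if malformed
    max_len = addr.max_prefixlen                  # 32 for IPv4, 128 for IPv6
    if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
        raise ValueError(f"{spec}: multicast/broadcast address not allowed")
    if sep:
        if not (prefix_text.isascii() and prefix_text.isdigit()):
            raise ValueError(f"{spec}: prefix is not a number")
        prefix = int(prefix_text)
        if prefix > max_len:
            raise ValueError(f"{spec}: prefix must be 0 - {max_len}")
    else:
        # Default: full-length match, or 0 when the address is all-zeros.
        prefix = 0 if int(addr) == 0 else max_len
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    # With prefix 0 no leading bits are compared, so any peer address matches.
    return network, prefix == 0

def audit(specs):
    """Return one (spec, resolved network or None, verdict) tuple per value."""
    findings = []
    for spec in specs:
        try:
            network, wildcard = resolve_remote(spec)
            verdict = "WILDCARD" if wildcard else "ok"
            findings.append((spec, str(network), verdict))
        except ValueError:
            findings.append((spec, None, "INVALID"))
    return findings

# Constructed sample values, not taken from any real configuration.
SAMPLE = ["10.1.1.5", "192.0.2.0/24", "0.0.0.0", "0::0/0",
          "2001:db8::1", "224.0.0.5", "10.0.0.1/33"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```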
-pri[ority] priority_number
Specifies the priority value HP-UX IPSec will use when selecting an IKE policy (a lower
priority value has a higher priority). The priority must be unique for each IKE policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set
to the current highest priority value (lowest priority) in the configuration database,
incremented by the automatic priority increment value (priority) for IKE policies specified in the
IKEPolicy-Defaults section of the profile file (this policy will be the last policy). The
default automatic priority increment value (priority) is 10.
If this is the first IKE policy created, ipsec_config uses the automatic priority increment
value as the priority.
-auth[entication] PSK|RSASIG
Specifies the primary authentication method HP-UX IPSec will use when establishing the IKE
SA. This must match the method configured on the remote system.
30 Hewlett-Packard Company 23 HP-UX IPSec A.02.01