HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
-auditdir|ad audit_directory
Specifies the directory in which HP-UX IPSec creates audit files.
Allowable values: Full file path name, up to 1023 characters long.
Default: If you do not specify audit_directory, the default is the directory specified for the
directory parameter in the StartUp-Defaults section of the profile file used. The default
directory value is /var/adm/ipsec in /var/adm/ipsec/.ipsec_profile.
-maxsize|ms max_size
Specifies the maximum size of an audit file (in kilobytes) that HP-UX IPSec allows before it
creates a new audit file.
Range: 1 - 4294967295.
Default: If you do not specify max_size, the default is the value specified for the maxsize
parameter in the StartUp-Defaults section of the profile file used. The default maxsize
value is 100 (kilobytes) in /var/adm/ipsec/.ipsec_profile.
-spi_min spi_min_value
Specifies the lower bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: If you do not specify spi_min_value, the default is the value specified for the spi_min
parameter in the StartUp-Defaults section of the profile file used. The default spi_min
value is 300 in /var/adm/ipsec/.ipsec_profile.
-spi_max spi_max_value
Specifies the upper bound for inbound, dynamic key Security Parameters Index (SPI) numbers
in hexadecimal, prefixed by 0x, or decimal.
Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).
Default: If you do not specify spi_max_value, the default is the value specified for the
spi_max parameter in the StartUp-Defaults section of the profile file used. The default
spi_max value is 2500000 in /var/adm/ipsec/.ipsec_profile.
-spd_soft spd_soft_limit
Specifies the "soft" limit for the size of the Security Policy Database (SPD). The SPD is the
HP-UX IPSec runtime policy database, with cached policy decisions for packet descriptors
(five-tuples consisting of exact, non-wildcard source IP address, destination IP address,
protocol, source port, and destination port).
When the size of the SPD exceeds the soft limit, HP-UX IPSec logs a warning message to the
system console, and logs an additional warning message to the system console for each 1000
SPD entries added.
The spd_soft_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: If you do not specify spd_soft_limit, the default is the value specified for the spd_soft
parameter in the StartUp-Defaults section of the profile file used. The default spd_soft
value is 25 (25000 entries; approximately 58000 Kbytes of memory) in
/var/adm/ipsec/.ipsec_profile.
-spd_hard spd_hard_limit
Specifies the "hard" limit for the size of the Security Policy Database (SPD).
When the size of the SPD exceeds the hard limit, HP-UX IPSec stops adding new cache
entries, and discards any packets that do not match existing entries.
The spd_hard_limit is measured in units of 1000 entries.
Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).
Default: If you do not specify spd_hard_limit, the default is the value specified for the
spd_hard parameter in the
StartUp-Defaults section of the profile file. The default
spd_hard value is 50 (50000 entries; approximately 116000 Kbytes of memory) in
/var/adm/ipsec/.ipsec_profile.
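
The following pre-flight check is an added example, not part of the HP manpage or HP-UX IPSec. It validates spi_min, spi_max, spd_soft and spd_hard values against the ranges stated above before they are given to the command. The function names and the two ordering checks (spi_min not above spi_max, spd_soft not above spd_hard) are assumptions of this example; the manpage does not state them.

```sh
#!/bin/sh
# Added example (not HP code): range checks taken from the manpage text above.
# Function names and the ordering checks are assumptions of this example.

# to_num VALUE: print VALUE in decimal; accepts decimal or 0x-prefixed hex.
to_num() {
    case "$1" in
        0[xX]*) h=${1#0[xX]}
                case "$h" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
                [ "${#h}" -le 8 ] || return 1       # wider than 32 bits
                echo $((0x$h)) ;;
        ''|*[!0-9]*) return 1 ;;                    # empty, signed, or junk
        *)      [ "${#1}" -le 10 ] || return 1      # keep shell math in range
                d=${1#"${1%%[!0]*}"}                # drop leading zeros (no octal)
                echo "${d:-0}" ;;
    esac
}

# in_range NAME VALUE MIN MAX [dec]: print normalised VALUE if MIN <= VALUE <= MAX.
# With "dec", hex input is refused (the manpage offers hex only for SPI values).
in_range() {
    case "$5:$2" in dec:0[xX]*) echo "$1: decimal only" >&2; return 1 ;; esac
    n=$(to_num "$2") || { echo "$1: '$2' is not decimal or 0x hex" >&2; return 1; }
    if [ "$n" -lt "$3" ] || [ "$n" -gt "$4" ]; then
        echo "$1: $n is outside $3 - $4" >&2; return 1
    fi
    echo "$n"
}

# check_startup SPI_MIN SPI_MAX SPD_SOFT SPD_HARD: print a summary or fail.
check_startup() {
    smin=$(in_range spi_min "$1" 1 4294967295) || return 1
    smax=$(in_range spi_max "$2" 1 4294967295) || return 1
    soft=$(in_range spd_soft "$3" 1 1000000 dec) || return 1
    hard=$(in_range spd_hard "$4" 1 1000000 dec) || return 1
    [ "$smin" -le "$smax" ] || { echo "spi_min exceeds spi_max" >&2; return 1; }
    [ "$soft" -le "$hard" ] || { echo "spd_soft exceeds spd_hard" >&2; return 1; }
    # Memory at the hard limit, scaled linearly from the manpage figure
    # (25 units is approximately 58000 Kbytes); an estimate only.
    echo "spi=$smin-$smax spd_soft=${soft}k spd_hard=${hard}k approx_kb=$((hard * 58000 / 25))"
}

# The documented defaults, with spi_min written in hex (0x12C = 300).
check_startup 0x12C 2500000 25 50
```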
HP-UX IPSec A.02.01 Hewlett-Packard Company