HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Examples
Configure HP-UX IPSec to automatically start at system boot-up time, and to create audit files in the
/tmp/ipsec directory. All other startup parameters will be set to the default values.
ipsec_config add startup -autoboot ON -dir /tmp/ipsec
Configure HP-UX IPSec to create audit files in the /tmp/ipsec directory. All other startup parameters
will be set to the default values; autoboot will be set to OFF.
ipsec_config add startup -dir /tmp/ipsec
IPSEC_CONFIG ADD TUNNEL COMMAND
Name
add tunnel - configure tunnel IPsec policies.
Synopsis
ipsec_config add tun[nel] tunnel_policy_name
    [-nocommit|nc]
    [-prof[ile] profile_name]
    [-tsource|tsrc tunnel_address]
    [-tdestination|tdst tunnel_address]
    [-source|src ip_address [/prefix[/port_number|service_name]]]
    [-destination|dst ip_address [/prefix[/port_number|service_name]]]
    [-prot[ocol] protocol_id]
    [-act[ion] transform_list]
    [-in manual_key_sa_specification [-in manual_key_sa_specification]]
    [-out manual_key_sa_specification [-out manual_key_sa_specification]]
DESCRIPTION
Use the ipsec_config add tunnel command to configure tunnel IPsec policies. Tunnel IPsec policies
specify HP-UX IPSec behavior for IP packets tunneled by the local system. In an IPsec tunnel, a tunnel
endpoint system encapsulates the original packet in a new IPsec packet with an AH or ESP header.
The other tunnel endpoint system processes the AH or ESP header, decapsulates the packet, and sends
the packet to the destination address in the original packet header.

An HP-UX system can be the end host in an end-to-end tunnel topology, or the end host in an
end-to-gateway tunnel topology. If the system is an HP-UX Mobile IPv6 Home Agent, it can also act as a
gateway, but only when forwarding packets between a Mobile IPv6 client and its Correspondent Node.

Tunnel IPsec policies are referenced in host or gateway IPsec policies. HP-UX IPSec first selects a host or
gateway IPsec policy to use for a packet. If the IPsec policy specifies a tunnel policy, HP-UX IPSec uses
the information in the tunnel IPsec policy to establish an IPsec tunnel with the tunnel_destination.
Options and Operands
The ipsec_config add tunnel command recognizes the following options and operands:
tunnel_policy_name
The user-defined name for the tunnel IPsec policy. This name must be unique for each tunnel
IPsec policy and is case-sensitive.
Acceptable values: 1 - 63 characters. Each character must be an ASCII alphanumeric character,
hyphen (-), or underscore (_).
-nocommit|nc
The ipsec_config utility verifies the tunnel IPsec policy, but does not add it to the
configuration database. This argument is not valid if you are specifying an add tunnel
operation in a batch file.
-pro[file] profile_name
Specifies the name of the profile file containing default argument values for this policy. The
argument values are evaluated once, when the policy is added to the configuration database.
Values used from the profile file become part of the configuration record for the policy. This
argument is not valid if you are specifying an add tunnel operation in a batch file.
Maximum length: 1023 characters.
Default: /var/adm/ipsec/.ipsec_profile.
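The tunnel_policy_name rules and the batch-file restrictions on -nocommit and -profile can be checked before a batch file reaches ipsec_config. The script below is an added example, not HP code and not part of the original manpage; it assumes a batch file holds one operation per line in the form "add tunnel <name> [options]", and the function names lint_tunnel_batch and sample_batch are hypothetical.

```shell
#!/bin/sh
# Added example, not HP code. Lints "add tunnel" lines against the rules
# stated on this page before the file is handed to ipsec_config.
# Assumption: one operation per line, "add tunnel <name> [options]",
# with blank lines and '#' comment lines ignored.

lint_tunnel_batch() {   # reads the batch file on stdin; returns 1 on findings
    LC_ALL=C awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; nbad++ }
    NF == 0 || $1 ~ /^#/ { next }
    $1 != "add" || $2 !~ /^tun(nel)?$/ { next }   # only add tun[nel] lines
    NF < 3 { bad("missing tunnel_policy_name"); next }
    {
        name = $3
        if (length(name) > 63)
            bad("name longer than 63 characters")
        if (name ~ /[^A-Za-z0-9_-]/)
            bad("name has a character outside ASCII alphanumerics, - and _")
        # Names are case-sensitive, so siteA and SiteA are different policies.
        if (name in seen) {
            bad("name " name " already used on line " seen[name])
        } else {
            seen[name] = NR
        }
        for (i = 4; i <= NF; i++) {
            # -nocommit|nc and -pro[file] (also written -prof[ile]) are
            # rejected; the pattern must not catch -prot[ocol].
            if ($i == "-nocommit" || $i == "-nc" || $i ~ /^-pro(f(i(l(e)?)?)?)?$/)
                bad($i " is not valid in a batch file")
        }
    }
    END { exit (nbad ? 1 : 0) }'
}

# Constructed sample input; option values are placeholders the linter ignores.
sample_batch() {
    cat <<'EOF'
# tunnels for site A
add tunnel siteA_tun1 -tsource 192.0.2.1 -tdestination 198.51.100.1
add tunnel SiteA_tun1 -tsource 192.0.2.1 -tdestination 198.51.100.2
add tunnel siteA_tun1 -tsource 192.0.2.1 -tdestination 198.51.100.3
add tun bad.name -nocommit -prot 6
add tunnel siteB -profile /tmp/tunnel_profile
EOF
}

sample_batch | lint_tunnel_batch || echo "batch file needs fixes"
```

The duplicate check covers only names inside the file; uniqueness against policies already in the configuration database still has to be confirmed on the system.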
34 Hewlett-Packard Company − 27 − HP-UX IPSec A.02.01