HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Type    Range      Default
IPv4    0 - 32     32 (0 if address is all-zeros)
IPv6    0 - 128    128 (0 if address is all-zeros)
The default is 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0). You must specify prefix if you specify port_number or service_name.
port_number
port is the upper-layer protocol (TCP or UDP) port number. Specify the upper-layer protocol with the -protocol argument described below.
Acceptable values: 0 - 65535. 0 indicates all ports. The value of the -protocol argument must be TCP or UDP if port is not zero.
The port must be 0 if the corresponding host policy (the host policy that references this tunnel policy) uses a transform (the corresponding host policy action is not PASS).
Default: 0 (all ports).
service_name
A character string that specifies a network service. The ipsec_config utility adds a policy to the configuration database with the appropriate port number and protocol, as listed below. You cannot specify service_name and the -protocol argument in the same policy.
service_name    Port    Protocol
DNS-TCP         53      TCP
DNS-UDP         53      UDP
FTP-DATA        20      TCP
FTP-CONTROL     21      TCP
HTTP-TCP        80      TCP
HTTP-UDP        80      UDP
NTP             123     UDP
REXEC           512     TCP
RLOGIN          513     TCP
RWHO            513     UDP
REMSH           514     TCP
REMPRINT        515     TCP
SMTP            25      TCP
TELNET          23      TCP
TFTP            69      UDP
-prot[ocol] protocol_id
Upper-layer protocol. Value or name of the upper-layer protocol that HP-UX IPSec uses in the address filter to select an IPsec policy for a packet. You cannot specify the -protocol argument and a service_name in the address filter in the same policy.
Acceptable values: integer value in the range 0 (any protocol) - 255, or one of the following protocol names: TCP, UDP, ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), ALL (any protocol). ICMP and IGMP are valid only with IPv4 addresses. ICMPV6 and MH are valid only with IPv6 addresses.
protocol_id must be TCP or UDP if port_number is specified and is not zero. The protocol_id must be ALL or 0 if the corresponding host policy (the host policy that references this tunnel policy) uses a transform (the corresponding host policy action is not PASS).
ICMPV6: Specifying ICMPV6 affects only the following ICMPv6 messages: Echo Request, Echo Reply, Mobile Prefix Solicitation, Mobile Prefix Advertisement. To ensure proper operation of IPv6 networks, HP-UX IPSec always allows all ICMPv6 messages not listed above to pass in cleartext.
CAUTION: Discarding or requiring ICMP messages for IPv4 (protocol value 1) to be encrypted or authenticated may cause connectivity problems.
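The address-filter rules above (prefix, port_number, service_name and -protocol) interact, so a pre-flight check of planned policy values can catch an inconsistent filter before it is added. The following Python sketch is an added example, not part of the HP-UX IPSec software or this manpage; the function name check_filter, its parameters, the treatment of a service_name as a non-zero port under a transform, and the acceptance of the numeric values 6 and 17 for TCP and UDP are assumptions.

```python
import ipaddress

# Service table as listed on this page: service_name -> (port, protocol).
SERVICES = {
    "DNS-TCP": (53, "TCP"), "DNS-UDP": (53, "UDP"), "FTP-DATA": (20, "TCP"),
    "FTP-CONTROL": (21, "TCP"), "HTTP-TCP": (80, "TCP"), "HTTP-UDP": (80, "UDP"),
    "NTP": (123, "UDP"), "REXEC": (512, "TCP"), "RLOGIN": (513, "TCP"),
    "RWHO": (513, "UDP"), "REMSH": (514, "TCP"), "REMPRINT": (515, "TCP"),
    "SMTP": (25, "TCP"), "TELNET": (23, "TCP"), "TFTP": (69, "UDP"),
}
V4_ONLY, V6_ONLY = {"ICMP", "IGMP"}, {"ICMPV6", "MH"}
NAMES = {"TCP", "UDP", "ALL"} | V4_ONLY | V6_ONLY
TCP_UDP = {"TCP", "UDP", "6", "17"}  # assumption: IANA numbers 6/17 count as TCP/UDP


def check_filter(ip_addr, prefix=None, port=None, service=None,
                 protocol=None, host_policy_uses_transform=False):
    """Return a list of rule violations; an empty list means the filter is consistent."""
    errs = []
    addr = ipaddress.ip_address(ip_addr)
    max_prefix = 32 if addr.version == 4 else 128
    if prefix is not None and not 0 <= prefix <= max_prefix:
        errs.append(f"prefix must be 0 - {max_prefix} for IPv{addr.version}")
    if prefix is None and (port is not None or service is not None):
        errs.append("prefix is required when port_number or service_name is given")
    if service is not None and protocol is not None:
        errs.append("service_name and -protocol cannot be combined")
    if service is not None and service not in SERVICES:
        errs.append(f"unknown service_name {service}")
    proto = str(protocol).upper() if protocol is not None else None
    if proto is not None and proto not in NAMES:
        if not (proto.isdigit() and int(proto) <= 255):
            errs.append("protocol_id must be 0 - 255 or a listed name")
    if port is not None and not 0 <= port <= 65535:
        errs.append("port_number must be 0 - 65535")
    if port and proto is not None and proto not in TCP_UDP:
        errs.append("non-zero port requires -protocol TCP or UDP")
    if proto in V4_ONLY and addr.version != 4:
        errs.append(f"{proto} is valid only with IPv4 addresses")
    if proto in V6_ONLY and addr.version != 6:
        errs.append(f"{proto} is valid only with IPv6 addresses")
    if host_policy_uses_transform:  # referencing host policy action is not PASS
        if port or service is not None:
            errs.append("port must be 0 when the host policy uses a transform")
        if proto not in (None, "ALL", "0"):
            errs.append("protocol_id must be ALL or 0 when the host policy uses a transform")
    return errs
```

An unspecified protocol is not flagged, because ipsec_config then takes the value from the profile file, which this check cannot see.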
Default: If you do not specify protocol_id, ipsec_config uses the value of the protocol parameter in the TunnelPolicy-Defaults section of the profile file used. The default
36 Hewlett-Packard Company − 29 − HP-UX IPSec A.02.01