HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_batch(1M) ipsec_conﬁg_batch(1M)

(HP-UX IPSec Software Required)

NAME

ipsec_conﬁg_batch - allow for processing of IPsec conﬁg operations in a single batch ﬁle

SYNOPSIS

ipsec_config batch

batch_ﬁle_name [

-nocommit

|nc

][

-pro

[

file] proﬁle_ﬁle]

DESCRIPTION

The

ipsec_config batch

command allows you to specify multiple

ipsec_config add

and

ipsec_config delete

operations in a single batch ﬁle for processing. HP-UX IPSec processes the

operations in a batch ﬁle as a group. This mode is useful if you are adding or deleting conﬁguration

records that may affect other records.

If one operation is invalid, all operations in the batch ﬁle fail. The

ipsec_config

utility ﬁrst veriﬁes

each operation in the batch ﬁle for syntax errors and collisions (object names and priority values) with

existing entries in the conﬁguration database. If all operations in the batch ﬁle are valid, the HP-UX

IPSec infrastructure updates the conﬁguration database with all operations at the same time. If HP-UX

IPSec is active and running, the HP-UX IPSec infrastructure also updates the runtime policy database.

Options and Operands

The batch operation recognizes the following options and operands:

batch_file_name

The name of the batch ﬁle containing

ipsec_config add and

ipsec_config delete

operations.

A batch ﬁle cannot contain operations that operate on the following objects:

cert

csr

crl

For example, the

add cert operation is illegal in a batch ﬁle.

In addition, a batch ﬁle cannot contain the following commands:

•

ipsec_config batch (

ipsec_config does not allow recursive batch ﬁles) or

ipsec_config show commands.

•

ipsec_config export

• ipsec_config show

Lines starting with a pound sign (

#) are interpreted as comments. Comment lines within an

operation are not allowed.

Maximum length: 1023 characters.

Default: None.

-nocommit

|nc

The ipsec_config utility veriﬁes the

ipsec_config add

and ipsec_config

delete

operations, but does not add or delete entries in the conﬁguration database. This

option applies to all operations in the batch ﬁle. Individual operations in the batch ﬁle cannot

specify the

-nocommit option.

-pro

[file] profile_name

Speciﬁes the name of the proﬁle ﬁle containing default argument values for this policy. The

argument values are evaluated once, when the policy is added to the conﬁguration database.

Values used from the proﬁle ﬁle become part of the conﬁguration record for the policy.

This argument applies to all operations in the batch ﬁle. Individual operations in the batch

ﬁle cannot specify the proﬁle argument.

Maximum length: 1023 characters.

Default:

/var/adm/ipsec/.ipsec_profile.

EXAMPLES

ipsec_config -batch /var/adm/ipsec/mybatch

The ﬁle /var/adm/ipsec/mybatch contains the following entries:

HP-UX IPSec A.02.01 − 1 − Hewlett-Packard Company 41