HP-UX IPSec version A.02.01 manpages

ipsec_policy(1M) ipsec_policy(1M)
(HP-UX IPSec Software Required)
-dp|dport dst_port
Specifies the destination port number (dst_port) of the packet. If the direction is out, this is
the remote port number. If the direction is in, this is the local port number.
Range: An unsigned integer in the range 1 - 65535.
Default: If omitted, any port number is assumed.
If you are making a query for an inbound client-server application where the client port
number can be any user-space port, specify a "dummy" user-space port number for the
destination (server) port such as 65535.
-p|protocol [ICMP|ICMPV6|IGMP|MH|TCP|UDP]
Specifies the network_protocol of the packet.
Acceptable values: ICMP, ICMPV6, IGMP, MH (Mobile IPv6 Mobility Header), TCP, or UDP.
Default: Any network protocol (0).
-dir|direction [out|in|forward|fwd]
Specifies the direction for the packet specification.
Acceptable values: IN, OUT, FORWARD, or FWD.
Default: OUT.
RETURN VALUE
Upon successful completion, ipsec_policy returns 0; otherwise it returns 1.
ERRORS
ipsec_policy fails if any of the following conditions is encountered:
Command used incorrectly - Usage message is returned.
HP-UX IPSec subsystem is not running - returns the following message:
IPSEC_POLICY: ALERT--sendto() error to the Policy Daemon, errno: 2.
EXAMPLES
IPv4 Example
On system A (192.6.1.1), you want to determine which host IPsec policy will be used for outbound
telnet traffic to system B (192.6.1.2) or when local users telnet to system B. Since the telnet clients on
system A will use any unused user-space TCP port and the telnet daemons on system B will use TCP port
23, you could use the following command:
ipsec_policy -sa 192.6.1.1 -sp 65535 \
-da 192.6.1.2 -dp 23 -p tcp -dir out
On system A (192.6.1.1), you want to determine which host IPsec policy will be used for inbound
telnet traffic from system B (192.6.1.2), or when users on system B telnet to the local system. Since the
local telnet daemons will use TCP port 23 and clients on system B will use any unused user-space TCP
port, you could use the following command:
ipsec_policy -sa 192.6.1.2 -sp 65535 \
-da 192.6.1.1 -dp 23 -p tcp -dir in
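The two queries above differ only in which host is the source and which is the destination. The following helper is an added example, not part of the HP-UX manpage; it builds the argument list for either direction and checks the documented port range and protocol names. The function names and DUMMY_PORT are assumptions made for illustration, and only the out and in directions are handled.

```sh
#!/bin/sh
# Added example, not part of the HP-UX manpage. Function names and
# DUMMY_PORT are illustrative assumptions.
DUMMY_PORT=65535   # stands in for "any user-space client port"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# policy_query_args LOCAL_ADDR REMOTE_ADDR SERVER_PORT PROTOCOL DIRECTION
#   out: local host is the client, so source=local,  destination=remote
#   in : local host is the server, so source=remote, destination=local
# Prints the ipsec_policy arguments; returns 2 on invalid input.
policy_query_args() {
    local_addr=$1 remote_addr=$2 server_port=$3 dir=$5
    proto=$(printf '%s' "$4" | tr '[:upper:]' '[:lower:]')

    for addr in "$local_addr" "$remote_addr"; do
        case "$addr" in
            ''|*[!0-9A-Fa-f.:]*) echo "bad address: $addr" >&2; return 2 ;;
        esac
    done
    valid_port "$server_port" || { echo "bad port: $server_port" >&2; return 2; }
    case "$proto" in
        icmp|icmpv6|igmp|mh|tcp|udp) ;;
        *) echo "bad protocol: $4" >&2; return 2 ;;
    esac
    case "$dir" in
        out) src=$local_addr;  dst=$remote_addr ;;
        in)  src=$remote_addr; dst=$local_addr ;;
        *)   echo "direction not handled here: $dir" >&2; return 2 ;;
    esac
    echo "-sa $src -sp $DUMMY_PORT -da $dst -dp $server_port -p $proto -dir $dir"
}

# run_policy_query: same arguments; runs ipsec_policy and passes on its status.
run_policy_query() {
    args=$(policy_query_args "$@") || return 2
    rc=0
    # Unquoted on purpose: every token in $args was validated above.
    ipsec_policy $args || rc=$?
    [ "$rc" -eq 0 ] || echo "ipsec_policy returned $rc (usage error or IPSec subsystem not running)" >&2
    return "$rc"
}
```

For instance, run_policy_query 192.6.1.1 192.6.1.2 23 tcp out issues the same query as the outbound telnet command shown above.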
IPv6 Example
On system A (fe80::260:b0ff:fec4:ace7), you want to determine which host IPsec policy will be
used for outbound telnet traffic to system B (fe80::260:b0ff:fec4:ace8) or when local users telnet
to system B. Since the telnet clients on system A will use any unused user-space TCP port and the telnet
daemons on system B will use TCP port 23, you could use the following command:
ipsec_policy -sa fe80::260:b0ff:fec4:ace7 -sp 65535 \
-da fe80::260:b0ff:fec4:ace8 -dp 23 -p tcp -dir out
On system A (fe80::260:b0ff:fec4:ace7), you want to determine which host IPsec policy will be
used for inbound telnet traffic from system B (fe80::260:b0ff:fec4:ace8), or when users on
system B telnet to the local system. Since the local telnet daemons will use TCP port 23 and clients on
system B will use any unused user-space TCP port, you could use the following command:
HP-UX IPSec A.02.01 2 Hewlett-Packard Company 49