HP-UX IPSec Version A.03.00 Administrator's Guide

Step 9: Configuring HP-UX IPSec to Start Automatically

After you have verified your HP-UX IPSec configuration is properly operating, you can configure

HP-UX IPSec so that it starts automatically at system startup time.

TIP: HP recommends that you configure HP-UX IPSec to start automatically at system startup

time once you have a known, good HP-UX IPSec configuration. This allows HP-UX IPSec to

secure your system at all times.

ipsec_config add startup Syntax

Use the following ipsec_config add startup syntax to configure HP-UX IPSec to start

automatically at system startup time:

ipsec_config add startup -autoboot ON

The complete ipsec_config add startup syntax specification also allows you to specify

the following arguments:

• nocommit (verify the syntax but do not commit the information to the database)

• profile (alternate profile file)

• auditlvl (audit level)

• auditdir (audit directory)

• maxsize (maximum audit file size)

• spi_min (lower bound for inbound, dynamic Security Parameters Index)

• spi_max (upper bound for inbound, dynamic key Security Parameters Index)

• spd_soft (the “soft” limit for the size of the Security Policy Database)

• spd_hard (the “hard” limit for the size of the Security Policy Database)

• icmp_error_process (enable or disable RFC 4301 secure processing for ICMP and ICMPv6

error messages)

Refer to the ipsec_config_add(1M) manpage for complete syntax information.

110 Configuring HP-UX IPSec