HP-UX IPSec Version A.03.00 Administrator's Guide
Serviceguard Quorum Server
If you are using a Quorum Server for the Serviceguard cluster, configure HP-UX IPSec so it does
not discard packets listed in the sections below.
Cluster Node IPsec Policies for Quorum Server
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard the packets
listed below (that is, the transform list contains any transform except DISCARD). If HP-UX IPSec
is not installed on the Quorum Server, configure PASS host IPsec policies for these packets.
Source IP Address                    Destination IP Address          Protocol  Source Port  Destination Port
cluster node address (or wildcard)   Quorum Server address           TCP       0            1238
Quorum Server IPsec Policies
If HP-UX IPSec is installed on the Quorum Server, configure host IPsec policies for the packets
listed below with actions (PASS or transform lists) that match the policies on the cluster nodes.
Source IP Address                    Destination IP Address          Protocol  Source Port  Destination Port
Quorum Server address (or wildcard)  cluster node address            TCP       1238         0
Remote Command Execution
To enable systems outside the cluster to execute Serviceguard commands (remote command
clients, such as the systems in the /etc/cmcluster/cmclnodelist file), configure HP-UX
IPSec so it does not discard the packets listed in the sections below.
Cluster Node IPsec Policies for Remote Command Execution
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard the packets
listed below (that is, the transform list contains any transform except DISCARD). If HP-UX IPSec
is not installed on the remote command clients, configure PASS host IPsec policies for these packets.
Source IP Address                    Destination IP Address          Protocol  Source Port  Destination Port
cluster node address (or wildcard)   remote command client address   TCP       5302         0
cluster node address (or wildcard)   remote command client address   UDP       5302         0
The cluster nodes also initiate TCP connections to the remote command clients using dynamically
assigned source and destination ports, as listed below. You must configure HP-UX IPSec so it
does not discard the packets listed below; however, HP recommends that you do not allow the
packets to pass in clear text. For more information, see “Maximizing Security” (page 66).
Source IP Address                    Destination IP Address          Protocol  Source Port  Destination Port
cluster node address (or wildcard)   remote command client address   TCP       0            0
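The requirements in the tables above can be checked mechanically. The following Python sketch is an added example, not part of the HP guide: it audits an ordered policy list, as seen from a cluster node, for flows that would be discarded and for the dynamic-port flow passing in clear text. The policy dictionaries are a simplified model and not ipsec_config syntax; first-match evaluation, port 0 meaning any port, and the 192.0.2.x addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# Rows of the tables above, as seen from a cluster node:
# (name, peer, protocol, source port, destination port, flag PASS as clear text)
FLOWS = [
    ("quorum-server", "qs", "tcp", 0, 1238, False),
    ("remote-cmd-tcp", "client", "tcp", 5302, 0, False),
    ("remote-cmd-udp", "client", "udp", 5302, 0, False),
    ("remote-cmd-dynamic", "client", "tcp", 0, 0, True),
]

def covers(policy, src, dst, proto, sport, dport):
    """True if the policy selector covers the whole flow (assumed: 0 = any port)."""
    return (ip_address(src) in ip_network(policy["src"])
            and ip_address(dst) in ip_network(policy["dst"])
            and policy["proto"] in ("any", proto)
            and policy["sport"] in (0, sport)
            and policy["dport"] in (0, dport))

def audit(policies, node, peers):
    """Return {flow name: finding} for an ordered list (assumed: first match wins)."""
    findings = {}
    for name, peer, proto, sport, dport, warn_clear in FLOWS:
        match = next((p for p in policies
                      if covers(p, node, peers[peer], proto, sport, dport)), None)
        if match is None:
            findings[name] = "NO_POLICY"    # no explicit policy covers the flow
        elif match["action"] == "DISCARD":
            findings[name] = "DISCARDED"    # Serviceguard traffic would be dropped
        elif match["action"] == "PASS" and warn_clear:
            findings[name] = "CLEAR_TEXT"   # allowed, but against HP's recommendation
        else:
            findings[name] = "OK"
    return findings

# Constructed sample: documentation addresses and a hypothetical policy set.
NODE, PEERS = "192.0.2.10", {"qs": "192.0.2.50", "client": "192.0.2.80"}
SAMPLE = [
    {"src": "192.0.2.10/32", "dst": "192.0.2.50/32", "proto": "tcp",
     "sport": 0, "dport": 1238, "action": "PASS"},
    {"src": "0.0.0.0/0", "dst": "192.0.2.80/32", "proto": "udp",
     "sport": 5302, "dport": 0, "action": "DISCARD"},
    {"src": "0.0.0.0/0", "dst": "192.0.2.80/32", "proto": "tcp",
     "sport": 0, "dport": 0, "action": "PASS"},
]

if __name__ == "__main__":
    for flow, finding in audit(SAMPLE, NODE, PEERS).items():
        print(f"{flow:20} {finding}")
```

On the constructed sample, the UDP 5302 flow is reported as discarded and the dynamic-port TCP flow as passing in clear text.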
228 HP-UX IPSec and Serviceguard