HP-UX IPSec Version A.03.00 Administrator's Guide
Standalone Serviceguard Manager Host IPsec Policies
If HP-UX IPSec is installed on the standalone Serviceguard Manager system, configure host IPsec
policies for the packets listed below with actions (PASS or transform lists) that match the policies
on the cluster nodes.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
1610UDP
cluster node addressServiceguard Manager
address (or wildcard)
0162UDP
cluster node addressServiceguard Manager
address (or wildcard)
WBEM Access
To enable external clients to have WBEM access to cluster nodes, configure HP-UX IPSec so it
does not discard packets between the clients and the cluster nodes as described in the sections
that follow. WBEM can be configured to use Secure Socket Layer (SSL) security. Secure WBEM
access uses TCP port 5989. Non-secure WBEM access uses TCP port 5988.
Cluster Node Host IPsec Policies for Secure WBEM Access
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the transform
list contains any transform except DISCARD ) the packets listed below. If HP-UX IPSec is not
installed on the WBEM client, configure PASS host IPsec policies for these packets.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
05989TCP
WBEM client addresscluster node address
(or wildcard)
Cluster Node Host IPsec Policies for Non-Secure WBEM Access
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the transform
list contains any transform except DISCARD ) the packets listed below. If HP-UX IPSec is not
installed on the WBEM client, configure PASS host IPsec policies for these packets.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
05988TCP
WBEM client addresscluster node address
(or wildcard)
Secure WBEM Client Host IPsec Policies
If HP-UX IPSec is installed on the WBEM client, configure host IPsec policies for the packets
listed below with an action (PASS or transform lists) that match the policies on the cluster nodes.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
59890TCP
cluster node addressWBEM client address
(or wildcard)
Non-Secure WBEM Client Host IPsec Policies
If HP-UX IPSec is installed on the WBEM client, configure host IPsec policies for the packets
listed below with an action (PASS or transform lists) that match the policies on the cluster nodes.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
59880TCP
cluster node addressWBEM client address
(or wildcard)
Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard 231