HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

231

232

233

234

235

236

237

238

239

240

Cluster Object Manager (COM)

If you are using a Cluster Object Manager (COM) on a system outside the cluster to provide

connections to COM clients, such as Serviceguard Manager clients, configure HP-UX IPSec so it

does not discard the packets listed in the sections that follow.

Cluster Node Host IPsec Policies for COM

For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the action

is not DISCARD ) the packets listed below. If IPsec is not installed on the COM system, you must

configure PASS host IPsec policies for these packets.

Destination PortSource PortProtocolDestination IP AddressSource IP Address

05302TCP

COM system addresscluster node address

(or wildcard)

05302UDP

COM system addresscluster node address

(or wildcard)

COM System Host IPsec Policies

If HP-UX IPSec is installed on the COM system, configure host IPsec policies for the packets

listed below with an action (PASS or transform lists) that match the policies on the cluster nodes.

Destination PortSource PortProtocolDestination IP AddressSource IP Address

53020TCP

cluster node addressCOM system address

(or wildcard)

53020UDP

cluster node addressCOM system address

(or wildcard)

You must also configure HP-UX IPSec so it does not discard packets to COM clients, as listed

below.

Destination PortSource PortProtocolDestination IP AddressSource IP Address

53030TCP

COM client addressCOM system address

(or wildcard)

Configure corresponding host IPsec policies on the COM clients as appropriate.

Consolidated Log (clog)

If you using the consolidated log (clog) package with the Serviceguard Manager, configure

HP-UX IPSec so it does not discard packets between cluster nodes and the SMH Management

Station as described in the sections that follow.

Cluster Node Host IPsec Policies for Consolidated Log

For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the transform

list contains any transform except DISCARD ) the packets listed below. If HP-UX IPSec is not

installed on the SMH Management Station, configure PASS host IPsec policies for these packets.

Destination PortSource PortProtocolDestination IP AddressSource IP Address

0clog_port

(the TCP port

configured for

the clog

package

TCP

SMH Management Station

address

cluster node address

(or wildcard)

232 HP-UX IPSec and Serviceguard