HP-UX IPSec Version A.03.00 Administrator's Guide

Blue Configuration
Step 3: Verifying the Batch File Syntax
Step 4: Committing the Batch File Configuration and Verifying Operation
Step 5: Configuring HP-UX IPSec to Start Automatically
ipsec_config add startup Syntax
Step 6: Creating Backup Copies of Configuration Files
Configuration Tips and Reminders
4 Configuring HP-UX IPSec
Maximizing Security
Bypass List
Strong End System Model
Using ipsec_config
General Syntax Information
Argument Delimiters
Line Continuation Character (\)
ipsec_config add Command
ipsec_config batch Command
Batch File Processing
Batch File Syntax
Comments
ipsec_config delete Command
ipsec_config export Command
ipsec_config show
Profile File
Using a Profile File with a Batch File
Profile File Structure
Creating a Customized Profile File
IPv6 Networks
Multihomed Nodes with Private Interfaces
Dynamic Configuration Updates
Dynamic Deletions
nocommit Argument
Configuration Overview
Step 1: Configuring Host IPsec Policies
Host Policy Order and Selection
default Host IPsec Policy
Automatic Priority Increment
ipsec_config add host Syntax
host_policy_name
-source and -destination Addresses and Ports
ip_addr
prefix
port
service_name
-protocol protocol_id
ICMPv4 Messages
ICMPv6 Messages
-priority priority_number
-tunnel tunnel_policy_name
-action
transform_list
-flags flags
Host IPsec Policy Configuration Examples