HP-UX IPSec Version A.03.00 Administrator's Guide

Comments
Lines starting with a pound sign (#) are interpreted as comments. Comment lines within an
operation are not allowed.
ipsec_config delete Command
The ipsec_config delete command deletes objects from the configuration and runtime
databases. For example, the following command deletes the host IPsec policy my_host_policy
from the configuration database:
ipsec_config delete host my_host_policy
ipsec_config export Command
The ipsec_config export command exports the contents of the configuration database to
a batch file that you can use as input for the ipsec_config batch command. You can then
use the batch file to re-create the configuration database if the database is corrupt or lost (see
“Re-Creating the Configuration Database” (page 139)), or use the batch file as a base for creating
a similar configuration on another system.
The ipsec_config export command can also take the output from the ipsec_config
show all command and create a batch file from it. See “Exporting the Configuration Database to a
Batch File” (page 138) for more information.
ipsec_config show
The ipsec_config show command displays objects in the configuration database. For example,
the following command displays the host IPsec policies in the configuration database:
ipsec_config show host
The ipsec_config show all command displays the entire contents of the database.
Profile File
An ipsec_config profile file contains default argument values that are evaluated in
ipsec_config add commands if the user does not specify the values in the command. The
values are evaluated once, when the policy is added to the configuration database. Values used
from the profile file become part of the configuration record for the policy.
You can specify a profile file name with the -profile argument as part of an ipsec_config
command. By default, ipsec_config uses the /var/adm/ipsec/.ipsec_profile profile
file, which is shipped with HP-UX IPSec. In most topologies, you can use the default values
supplied in the /var/adm/ipsec/.ipsec_profile file.
HP-UX IPSec also has internal default values that are the same as the values in the
/var/adm/ipsec/.ipsec_profile file shipped with the product. If the
/var/adm/ipsec/.ipsec_profile file does not exist and the user does not specify an
alternate profile file, HP-UX IPSec uses its internal default values.
Using a Profile File with a Batch File
You can specify the profile argument as part of the ipsec_config batch command line and
ipsec_config will apply it to all entries in the batch file. The profile argument is illegal
inside batch files (you cannot specify the profile argument as part of a statement inside a batch
file).
Refer to the ipsec_config_batch(1M) manpage for more information.
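The two batch-file restrictions stated in this section (no comment lines within an operation, no profile argument inside a batch file) can be checked before a file is passed to ipsec_config batch. The shell function below is an added example, not part of the HP guide or the product. It assumes that an operation continues onto the next line when a line ends with a backslash, and the sample batch file and its policy names are constructed.

```shell
#!/bin/sh
# Added example, not HP code. Lints a batch file for the two restrictions above.
# ASSUMPTION: an operation continues onto the next line when a line ends in "\".

# lint_ipsec_batch FILE: prints "line N: ..." per finding, returns 1 if any.
lint_ipsec_batch() {
    awk '
    {
        is_comment = ($0 ~ /^[ \t]*#/)
        if (is_comment && in_operation) {
            printf "line %d: comment line inside an operation\n", NR
            bad = 1
            next                      # still inside the same operation
        }
        if (!is_comment && $0 ~ /(^|[ \t])-profile([ \t]|$)/) {
            printf "line %d: -profile is not allowed inside a batch file\n", NR
            bad = 1
        }
        # Only non-comment lines decide whether the next line is a continuation.
        if (!is_comment) in_operation = ($0 ~ /\\[ \t]*$/)
    }
    END { exit bad + 0 }' "$1"
}

# write_sample_batch FILE: constructed sample input (policy names are made up).
write_sample_batch() {
    cat > "$1" <<'EOF'
# constructed sample batch file
delete host my_host_policy
add host my_host_policy \
# this comment splits the operation
    -action PASS
add host other_policy -profile /tmp/alt_profile -action PASS
EOF
}

# demo: lint the constructed sample, clean up, return the linter's status.
demo() {
    f="${TMPDIR:-/tmp}/ipsec_batch_sample.$$"
    write_sample_batch "$f"
    rc=0
    lint_ipsec_batch "$f" || rc=$?
    rm -f "$f"
    return $rc
}
# Usage: lint_ipsec_batch /path/to/batchfile   (or run "demo" for the sample)
```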
Profile File Structure
The profile file is separated into sections that contain default parameter values for different
configuration objects. For example, the HostPolicy-Defaults section contains defaults for host