HP-UX IPSec Version A.03.00 Administrator's Guide
[-protocol protocol_id] [-priority priority_number]
[-action PASS|DISCARD|transform_list] [-flags flags]
HP recommends that you use an ipsec_config batch file to configure HP-UX IPSec. To specify
an add host operation for an ipsec_config batch file, use the above syntax without the
ipsec_config command name:
add host host_policy_name
[-source ip_addr[/prefix[/port_number|service_name]]]
[-destination ip_addr[/prefix[/port_number|service_name]]]
[-protocol protocol_id] [-priority priority_number]
[-action PASS|DISCARD|transform_list] [-flags flags]
The complete ipsec_config add host syntax specification also allows you to specify the
following arguments:
• nocommit (verify the syntax but do not commit the information to the database)
• profile (alternate profile file)
• in and out (inbound and outbound SA information for manual keys)
• dst_icmp_type and src_icmp_type (destination and source ICMPv4 type values)
• dst_icmpv6_type and src_icmpv6_type (destination and source ICMPv6 type values)
Refer to the ipsec_config_add(1M) manpage for complete syntax information.
host_policy_name
The host_policy_name is the user-defined name for the host IPsec policy. This name must be
unique for each host IPsec policy and is case-sensitive.
Valid Values: 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen
(-), or underscore (_).
The name default is reserved. See “default Host IPsec Policy” (page 72) for more information.
-source and -destination Addresses and Ports
HP-UX IPSec uses the ip_addr, prefix, and port_number or service_name together with the
protocol argument to form address filters. HP-UX IPSec uses the address filters to select an
IPsec policy for a packet.
TIP: For host policies, the source address is the local address and the destination address is the
remote address.
Specify a local IP address for the source ip_addr. For an outbound packet, HP-UX IPSec compares
the source address filters with the source address fields in the packet, and the destination address
filters with the destination address fields in the packet. For an inbound packet, HP-UX IPSec
compares the source address filter with the destination address fields in the packet, and the
destination address filter with the source address fields in the packet.
You can repeat the -source and -destination arguments up to 20 times each to specify
multiple filters. HP-UX IPSec will select a policy for a packet if any of the filters matches the
packet. For more information about how HP-UX IPSec uses the address and port specifications
when negotiating IPsec SAs, see “IPsec SA Packet Descriptors” (page 183).
Default: If you do not specify ip_addr, prefix, and port_number or service_name,
ipsec_config uses the value of the source or destination parameter in the
HostPolicy-Defaults section of the profile file used. The default value for source and
destination is 0.0.0.0/0/0 (match any IPv4 address, any port) in
/var/adm/ipsec/.ipsec_profile.
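The following Python model is an added illustration of the filter semantics described above (the outbound/inbound swap, repeated filters, and the 0.0.0.0/0/0 default); it is not HP's code and does not reproduce the actual ipsec_config or kernel logic. It assumes that a port of 0 means "any port", that a policy matches when any -source filter and any -destination filter both match, and it omits service names, IPv6 addresses and the -protocol argument.

```python
# Model of the host-policy address filters described above (added example, not HP's code).
# Assumptions: port 0 = "any port" (as in the 0.0.0.0/0/0 default); a policy matches when
# any -source filter AND any -destination filter match; service names, IPv6 and -protocol omitted.
import ipaddress
import re
from dataclasses import dataclass

DEFAULT_FILTER = "0.0.0.0/0/0"               # HostPolicy-Defaults value from the guide
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")  # host_policy_name: 1-63 alnum, hyphen, underscore

@dataclass(frozen=True)
class AddrFilter:
    network: ipaddress.IPv4Network
    port: int                                 # 0 = any port (assumption)

    @classmethod
    def parse(cls, spec: str) -> "AddrFilter":
        parts = spec.split("/")              # ip_addr[/prefix[/port_number]]
        prefix = parts[1] if len(parts) > 1 else "32"
        port = int(parts[2]) if len(parts) > 2 else 0
        return cls(ipaddress.IPv4Network(f"{parts[0]}/{prefix}", strict=False), port)

    def matches(self, addr: str, port: int) -> bool:
        return ipaddress.IPv4Address(addr) in self.network and self.port in (0, port)

@dataclass
class HostPolicy:
    name: str
    sources: list                             # local side (up to 20 filters)
    destinations: list                        # remote side (up to 20 filters)

    def matches(self, direction: str, src: str, sport: int, dst: str, dport: int) -> bool:
        # Outbound: -source filters vs packet source, -destination filters vs packet destination.
        # Inbound: the comparison is swapped, because the local address is the packet's destination.
        if direction == "out":
            local, remote = (src, sport), (dst, dport)
        elif direction == "in":
            local, remote = (dst, dport), (src, sport)
        else:
            raise ValueError(f"direction must be 'in' or 'out', got {direction!r}")
        return (any(f.matches(*local) for f in self.sources)
                and any(f.matches(*remote) for f in self.destinations))

def make_policy(name: str, sources=(), destinations=()) -> HostPolicy:
    """Build a policy, applying the 0.0.0.0/0/0 default when a side is omitted."""
    if not NAME_RE.fullmatch(name) or name == "default":
        raise ValueError(f"invalid host_policy_name: {name!r}")
    return HostPolicy(name, [AddrFilter.parse(s) for s in (sources or [DEFAULT_FILTER])],
                      [AddrFilter.parse(d) for d in (destinations or [DEFAULT_FILTER])])
```

The sample addresses used when exercising the model are documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), not hosts from the guide.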
Step 1: Configuring Host IPsec Policies 73