HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Table 4-1 ipsec_config Service Names (continued)

ProtocolPortService Name

TCP80

HTTP-TCP

UDP80

HTTP-UDP

UDP123

NTP

TCP512

REXEC

TCP513

RLOGIN

UDP513

RWHO

TCP514

REMSH

TCP515

REMPRINT

TCP25

SMTP

TCP23

TELNET

UDP69

TFTP

-protocol protocol_id

The protocol_id is the value or name of the upper-layer protocol that HP-UX IPSec uses in

the address filter to select an IPsec policy for a packet. You cannot specify protocol and a

service_name in the same policy.

Valid Values: Integer value 0 (any protocol) - 255, or one of the following protocol names:

• TCP

• UDP

• ICMP

• ICMPV6

• IGMP

• ALL (any protocol)

The protocols ICMP and IGMP are valid with IPv4 addresses only. The protocol ICMPV6 is valid

with IPv6 addresses only.

The protocol_id must be TCP or UDP if port is non-zero.

Default: ALL.

ICMPv4 Messages

If protocol_id is ICMP or ALL, the policy applies to all ICMPv4 message types by default. If

protocol_id is ICMP, you can restrict the policy to specific ICMPv4 message type values with the

-dst_icmp_type and -src_icmp_type arguments.

For more information, see“ICMPv4 Message Processing” (page 184).

CAUTION: Discarding or requiring ICMP messages for IPv4 (protocol value 1) to be encrypted

or authenticated may cause connectivity problems.

ICMPv6 Messages

If protocol_id is ICMPV6 or ALL, the policy applies to only the following ICMPv6 message types:

• Echo Request

• Echo Reply

• Mobile Prefix Solicitation

• Mobile Prefix Advertisement

Step 1: Configuring Host IPsec Policies 75