HP-UX IPSec Version A.03.00 Administrator's Guide

The following batch file entry configures a host IPsec policy that requires telnet requests (where
the local system is the telnet server) from subnet 10.0.0.0/8 to use ESP with AES128 encryption and
HMAC SHA-1 authentication.

add host telnet_in -source 0.0.0.0/0/TELNET \
-destination 10.0.0.0/8 -pri 120 \
-action ESP_AES128_HMAC_SHA1

The following batch file entry configures a host IPsec policy for an application that listens for
requests on local TCP port 50000. Clients have addresses in the range 10.1.1.0 to 10.1.1.25. The
policy requires all packets connecting to the application to use AH with HMAC SHA-1
authentication.

add host my_app -source 0.0.0.0/0/50000 -destination 10.1.1.0-10.1.1.25 \
-protocol TCP \
-pri 140 -action AH_SHA1

The local system (10.1.1.1) is using an end-to-end tunnel (host-to-host tunnel) with system 10.2.2.2.
The following batch file entry configures a host IPsec policy that references the tunnel policy
my_host_host_tunnel and specifies clear text (no transform) for the transport. See “Tunnel
IPsec Policy Configuration Example” (page 83) for the batch file entry used to configure the
tunnel IPsec policy my_host_host_tunnel.
The priority is 30 to ensure that HP-UX IPSec selects this policy instead of the policies for telnet
and the TCP port 50000 application when the local system is communicating with 10.2.2.2.

add host to_orange -source 10.1.1.1 \
-destination 10.2.2.2 -pri 30 -tunnel my_host_host_tunnel \
-action PASS

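As an added illustration, not code from the guide or from HP-UX IPSec itself, the following Python model parses these three batch entries and shows which policy is selected for a given packet, using the rule the priority values rely on: of all matching host policies, the one with the lowest -pri value wins. It assumes that -source describes the local endpoint and -destination the remote one (as the examples here use them), that an omitted -protocol matches any protocol, and that the service name TELNET stands for port 23; the batch text is embedded in the script so it runs offline. With it you can check that telnet and port 50000 traffic from 10.2.2.2 fall through to to_orange (priority 30) while the same traffic from other 10.0.0.0/8 hosts hits telnet_in and my_app.

```python
"""Constructed model of host-policy selection for ipsec_config 'add host' entries.

Added example, not HP-UX code: it parses batch-file entries and picks the
matching policy with the lowest -pri value, which is the rule the text relies on
when it gives to_orange priority 30.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names that may replace a port number in an address spec.
# Assumption of this model: only TELNET (port 23) is needed here.
SERVICE_PORTS = {"TELNET": 23}

# (lowest address, highest address, port or None for any port)
Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, Optional[int]]


@dataclass
class HostPolicy:
    name: str
    source: Range            # local endpoint (assumption: -source is local)
    destination: Range       # remote endpoint
    protocol: Optional[str]  # None = any protocol
    priority: int            # lower value is selected first
    action: str
    tunnel: Optional[str] = None


def parse_endpoint(spec: str) -> Range:
    """Parse 'addr', 'addr/prefix', 'addr/prefix/port' or 'lo-hi' into (lo, hi, port)."""
    parts = spec.split("/")
    port = None
    if len(parts) == 3:
        port = SERVICE_PORTS.get(parts[2].upper())
        if port is None:
            port = int(parts[2])
    if "-" in parts[0]:                       # explicit address range lo-hi
        lo, hi = (ipaddress.IPv4Address(a) for a in parts[0].split("-"))
    elif len(parts) >= 2:                     # address/prefix
        net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=False)
        lo, hi = net[0], net[-1]
    else:                                     # single address
        lo = hi = ipaddress.IPv4Address(parts[0])
    return lo, hi, port


def parse_batch(text: str) -> List[HostPolicy]:
    """Turn 'add host ...' entries (backslash continuations joined) into HostPolicy objects."""
    policies = []
    for line in text.replace("\\\n", " ").splitlines():
        tokens = line.split()
        if tokens[:2] != ["add", "host"]:
            continue
        opts = dict(zip(tokens[3::2], tokens[4::2]))   # '-source' -> value, ...
        policies.append(HostPolicy(
            name=tokens[2],
            source=parse_endpoint(opts["-source"]),
            destination=parse_endpoint(opts["-destination"]),
            protocol=opts.get("-protocol"),
            priority=int(opts["-pri"]),
            action=opts["-action"],
            tunnel=opts.get("-tunnel"),
        ))
    return policies


def _in_range(rng: Range, addr: str, port: int) -> bool:
    lo, hi, want_port = rng
    return lo <= ipaddress.IPv4Address(addr) <= hi and (want_port is None or want_port == port)


def select_policy(policies, local_addr, local_port, remote_addr, remote_port, protocol="TCP"):
    """Return the matching policy with the lowest -pri value, or None if nothing matches."""
    matches = [p for p in policies
               if _in_range(p.source, local_addr, local_port)
               and _in_range(p.destination, remote_addr, remote_port)
               and (p.protocol is None or p.protocol == protocol)]
    return min(matches, key=lambda p: p.priority, default=None)


# The three batch entries from this section, embedded so the model runs offline.
BATCH = """\
add host telnet_in -source 0.0.0.0/0/TELNET \\
-destination 10.0.0.0/8 -pri 120 \\
-action ESP_AES128_HMAC_SHA1
add host my_app -source 0.0.0.0/0/50000 -destination 10.1.1.0-10.1.1.25 \\
-protocol TCP \\
-pri 140 -action AH_SHA1
add host to_orange -source 10.1.1.1 \\
-destination 10.2.2.2 -pri 30 -tunnel my_host_host_tunnel \\
-action PASS
"""
POLICIES = parse_batch(BATCH)


def explain(local_addr, local_port, remote_addr, remote_port, protocol="TCP"):
    """(policy name, action) chosen for one packet, or ('none', 'none')."""
    p = select_policy(POLICIES, local_addr, local_port, remote_addr, remote_port, protocol)
    return (p.name, p.action) if p else ("none", "none")


if __name__ == "__main__":
    for pkt in [("10.1.1.1", 23, "10.5.5.5", 40000),      # telnet from another 10/8 host
                ("10.1.1.1", 23, "10.2.2.2", 40000),      # telnet from the tunnel peer
                ("10.1.1.1", 50000, "10.1.1.20", 40001),  # port 50000 from a listed client
                ("10.1.1.1", 50000, "10.2.2.2", 40001)]:  # port 50000 from the tunnel peer
        print(pkt, "->", explain(*pkt))
```

Real HP-UX IPSec evaluates more than this model (the default host policy, ports in the remote spec, and the ordering of policies with equal priority); the model only reproduces the matching and priority behaviour that the three entries on this page exercise.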
Step 1: Configuring Host IPsec Policies 79