HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
6 Administering HP-UX IPSec
This chapter describes common HP-UX IPSec maintenance procedures. This chapter contains the
following sections:
• “Starting HP-UX IPSec” (page 115)
• “Changing HP-UX IPSec Operating Parameters” (page 116)
• “Stopping HP-UX IPSec” (page 116)
• “Changing HP-UX IPSec Operating Parameters” (page 116)
• “Exporting the Configuration Database to a Batch File” (page 117)
• “Re-Creating the Configuration Database” (page 117)
• “Deleting SA Entries” (page 117)
Starting HP-UX IPSec
Use the ipsec_admin -start command to start HP-UX IPSec.
ipsec_admin -start Syntax
The ipsec_admin -start command is typically used with the following simple syntax to start
HP-UX IPSec:
ipsec_admin -st[art]
Additional Options
The complete ipsec_admin -start syntax specification also allows you to specify the following
arguments:
• auditlvl (audit level)
• auditdir (audit directory)
• maxsize (maximum audit file size)
• spi_min (lower bound for inbound, dynamic Security Parameters Index)
• spi_max (upper bound for inbound, dynamic key Security Parameters Index)
• spd_soft (the “soft” limit for the size of the Security Policy Database)
• spd_hard (the “hard” limit for the size of the Security Policy Database)
see the ipsec_admin(1M) manpage for complete syntax information.
Configuring HP-UX IPSec to Start Automatically
HP recommends that you configure HP-UX IPSec to start automatically at system startup time once
you have a known, good HP-UX IPSec configuration. This allows HP-UX IPSec to secure your system
at all times. Use the ipsec_config add startup command to configure HP-UX IPSec to
start automatically at system startup time.
ipsec_config add startup Syntax
Use the following ipsec_config add startup syntax to configure HP-UX IPSec to start
automatically at system startup time:
ipsec_config add startup -autoboot ON
Starting HP-UX IPSec 115