HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

111

112

113

114

115

116

117

118

119

120

The complete ipsec_config add startup syntax specification also allows you to specify the

following arguments:

• nocommit (verify the syntax but do not commit the information to the database)

• profile (alternate profile file)

• auditlvl (audit level)

• auditdir (audit directory)

• maxsize (maximum audit file size)

• spi_min (lower bound for inbound, dynamic Security Parameters Index)

• spi_max (upper bound for inbound, dynamic key Security Parameters Index)

• spd_soft (the “soft” limit for the size of the Security Policy Database)

• spd_hard (the “hard” limit for the size of the Security Policy Database)

• icmp_error_process (enable or disable RFC 4301 secure processing for ICMP and

ICMPv6 error messages)

see the ipsec_config(1M) manpage for complete syntax information.

Stopping HP-UX IPSec

Use the ipsec_admin -stop command to stop HP-UX IPSec. This command performs the following

operations:

• Flushes the kernel-resident HP-UX IPSec memory structures.

• Disables the kernel components.

• Sends IKE DELETE messages to peer IKE entities for the local system’s inbound SAs. The DELETE

messages tell the peer that the local system will no longer accept data for the deleted SAs.

• Stops the HP-UX IPSec daemons.

ipsec_admin -stop Syntax

ipsec_admin -stop|sp

Changing HP-UX IPSec Operating Parameters

The ipsec_admin command supports the following arguments for changing HP-UX IPSec operating

parameters:

• auditlvl (audit level)

• auditdir (audit directory)

• maxsize (maximum audit file size)

• newpasswd (HP-UX IPSec password)

• spi_min (lower bound for inbound, dynamic Security Parameters Index; this argument is

valid only with the -start argument)

• spi_max (upper bound for inbound, dynamic key Security Parameters Index; this argument

is valid only with the -start argument)

• spd_soft (the “soft” limit for the size of the Security Policy Database)

• spd_hard (the “hard” limit for the size of the Security Policy Database)

• traceoff (disable nettl layer 4 tracing)

• traceon (enable nettl layer 4 tracing)

See the ipsec_admin(1M) manpage for complete syntax information.

116 Administering HP-UX IPSec