HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
The cluster nodes also initiate TCP connections to the remote command clients using dynamically
assigned source and destination ports, as listed below. You must configure HP-UX IPSec so it does
not discard the packets listed below; however, HP recommends that you do not allow the packets
to pass in clear text. For more information, see “Maximizing security” (page 57).
| Destination Port | Source Port | Protocol | Destination IP Address | Source IP Address |
|---|---|---|---|---|
| 0 | 0 | TCP | cluster node address | remote command client address (or wildcard) |
For remote execution of the cmscancl command, HP-UX IPSec must not discard the following
packets:
| Destination Port | Source Port | Protocol | Destination IP Address | Source IP Address |
|---|---|---|---|---|
| 514 | 0 | TCP | cluster node address | remote command client address (or wildcard) |
Serviceguard Manager Plug-in Version
If you are using the plug-in version of Serviceguard Manager (supported with Serviceguard versions
A.11.18 and later), configure HP-UX IPSec so it does not discard packets between cluster nodes
and the System Management Homepage (SMH) Station system as described in the sections that
follow.
Cluster Node Host IPsec Policies for Serviceguard Manager Plug-in Version
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the transform
list contains any transform except DISCARD) the packets listed below. If HP-UX IPSec is not installed
on the SMH Management Station, configure PASS host IPsec policies for these packets.
| Destination Port | Source Port | Protocol | Destination IP Address | Source IP Address |
|---|---|---|---|---|
| 0 | 2301 | TCP | SMH Management Station address | cluster node address (or wildcard) |
| 0 | 2301 | UDP | SMH Management Station address | cluster node address (or wildcard) |
| 0 | 2381 | TCP | SMH Management Station address | cluster node address (or wildcard) |
| 0 | 2381 | UDP | SMH Management Station address | cluster node address (or wildcard) |
SMH Management Station Host IPsec Policies
If HP-UX IPSec is installed on the SMH Management Station, configure host IPsec policies for the
packets listed below with actions (PASS or transform lists) that match the policies on the cluster
nodes.
| Destination Port | Source Port | Protocol | Destination IP Address | Source IP Address |
|---|---|---|---|---|
| 2301 | 0 | TCP | cluster node address | SMH Management Station address (or wildcard) |
| 2301 | 0 | UDP | cluster node address | SMH Management Station address (or wildcard) |
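The requirement that the SMH Management Station policies match the cluster node policies can be checked offline before the configuration is loaded. The following is an added example, not part of the HP guide and not an HP tool: it assumes both sides use explicit addresses rather than wildcards, and the policy names, the 192.0.2.x addresses and the TRANSFORM_A action are constructed placeholders.

```python
from collections import namedtuple

# One host IPsec policy; selector fields follow the tables above (port 0 = any port).
Policy = namedtuple("Policy", "name src dst proto sport dport action")

def selector(p):
    return (p.src, p.dst, p.proto, p.sport, p.dport)

def mirrored(p):
    """The same flow as the peer system sees it: addresses and ports swapped."""
    return (p.dst, p.src, p.proto, p.dport, p.sport)

def audit(node_policies, station_policies):
    """Compare cluster node policies with SMH station policies; return findings."""
    findings = []
    by_selector = {selector(s): s for s in station_policies}
    for p in node_policies:
        if p.action == "DISCARD":
            findings.append(f"{p.name}: action is DISCARD")
        peer = by_selector.get(mirrored(p))
        if peer is None:
            findings.append(f"{p.name}: no mirrored policy on the SMH station")
        elif peer.action != p.action:
            findings.append(f"{p.name}: action {p.action} but {peer.name} uses {peer.action}")
    return findings

# Constructed sample data: documentation addresses, hypothetical policy names,
# and TRANSFORM_A as a placeholder for whatever transform list the site uses.
NODE, SMH = "192.0.2.10", "192.0.2.50"
NODE_POLICIES = [
    Policy("sgmgr_tcp", NODE, SMH, "TCP", 2301, 0, "TRANSFORM_A"),
    Policy("sgmgr_udp", NODE, SMH, "UDP", 2301, 0, "TRANSFORM_A"),
]
STATION_POLICIES = [
    Policy("smh_tcp", SMH, NODE, "TCP", 0, 2301, "PASS"),  # action mismatch
    # the mirrored UDP policy is deliberately missing
]

if __name__ == "__main__":
    for line in audit(NODE_POLICIES, STATION_POLICIES):
        print(line)
```

An empty result means every cluster node policy has a station policy with swapped selectors and the same action.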
Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard 201