Manualshelf

HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
201202203204205206207208209210
Destination PortSource PortProtocolDestination IP AddressSource IP Address
23810TCPcluster node addressSMH Management
Station address (or
wildcard)
23810UDPcluster node addressSMH Management
Station address (or
wildcard)
Serviceguard Manager Standalone Version
If you using the standalone version of Serviceguard Manager (supported with Serviceguard versions
A.11.11 - A.11.17), configure HP-UX IPSec so it does not discard SNMP traffic between cluster
nodes and the Serviceguard Manager system as described in the sections that follow. The SNMP
agent runs on the cluster nodes and uses UDP port 161. The SNMP manager runs on the
Serviceguard Manager and uses UDP port 162.
Cluster Node Host IPsec Policies for Serviceguard Manager Standalone Version
For each cluster node, configure host IPsec policies so HP-UX IPSec does not discard (the transform
list contains any transform except DISCARD ) the packets listed below. If HP-UX IPSec is not installed
on the standalone Serviceguard Manager system, configure PASS host IPsec policies for these
packets.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
0161UDPServiceguard Manager
address
cluster node address (or
wildcard)
1620UDPServiceguard Manager
address
cluster node address (or
wildcard)
Standalone Serviceguard Manager Host IPsec Policies
If HP-UX IPSec is installed on the standalone Serviceguard Manager system, configure host IPsec
policies for the packets listed below with actions (PASS or transform lists) that match the policies
on the cluster nodes.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
1610UDPcluster node addressServiceguard Manager
address (or wildcard)
0162UDPcluster node addressServiceguard Manager
address (or wildcard)
WBEM Access
To enable external clients to have WBEM access to cluster nodes, configure HP-UX IPSec so it does
not discard packets between the clients and the cluster nodes as described in the sections that
follow. WBEM can be configured to use Secure Socket Layer (SSL) security. Secure WBEM access
uses TCP port 5989. Non-secure WBEM access uses TCP port 5988.
202 HP-UX IPSec and Serviceguard