HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

Step 4: Committing the batch file configuration and verifying operation
Step 5: Configuring HP-UX IPSec to start automatically
ipsec_config add startup Syntax
Step 6: Creating backup copies of configuration files
Configuration tips and reminders
4 Configuring HP-UX IPSec
Maximizing security
Bypass list
Strong end system model
Using ipsec_config
General syntax information
Argument delimiters
Line continuation character (\)
ipsec_config add command
ipsec_config batch command
Batch File Processing
Batch File Syntax
Comments
ipsec_config delete command
ipsec_config export command
ipsec_config show
Profile file
Using a profile file with a batch file
Profile file structure
Creating a customized profile file
IPv6 networks
Multihomed nodes with private interfaces
Dynamic configuration updates
Dynamic deletions
nocommit argument
Configuration overview
Step 1: Configuring host IPsec policies
Host policy order and selection
default Host IPsec policy
Automatic priority increment
ipsec_config add host Syntax
host_policy_name
-source and -destination addresses and ports
ip_addr
prefix
port
service_name
-protocol protocol_id
ICMPv4 messages
ICMPv6 messages
IPv6 mobility header messages
-priority priority_number
-tunnel tunnel_policy_name
-action
transform_list
-flags flags
Host IPsec policy configuration examples
Step 2: Configuring tunnel IPsec policies
ipsec_config add tunnel syntax