HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)
ICMPv6 messages
If protocol_id is ICMPV6 or ALL, the policy applies only to the following ICMPv6 message
types:
• Echo Request
• Echo Reply
• Mobile Prefix Solicitation
• Mobile Prefix Advertisement
To ensure proper operation of IPv6 networks, the default HP-UX IPSec behavior allows all other
ICMPv6 message types to pass in clear text. To discard or secure other ICMPv6 message types,
you must specify -protocol ICMPV6 and explicitly specify the message type value using the
-dst_icmpv6_type and -src_icmpv6_type arguments.
For more information, see “ICMPv6 Message Processing” (page 163).
IPv6 mobility header messages
If protocol_id is MH or ALL, you can specify IPv6 Mobility Header message type values using
the -dst_mh_type and -src_mh_type arguments. See ipsec_config(1m) for more information.
-priority priority_number
The priority_number is the priority value HP-UX IPSec uses when selecting a host IPsec policy
(a lower priority value has a higher priority). The priority must be unique for each host IPsec policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config takes the current highest priority value
(that is, the lowest priority) among the host IPsec policies in the configuration database and adds
the automatic priority increment value (the priority parameter in the HostPolicy-Defaults section
of the profile file). The new policy is therefore the last policy evaluated before the default policy.
The default automatic priority increment value (priority) is 10.
If this is the first host IPsec policy created, ipsec_config uses the automatic priority increment
value as the priority.
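The default-priority rule and lowest-value-first selection described above, modeled as an added example; this is not HP-UX IPSec code or output. It assumes policies match on protocol only, and the function names, policy names and the DISCARD action label are hypothetical.

```python
# Simplified model, not HP-UX IPSec code. Assumption: policies match on
# protocol only; real host policies also match on addresses and ports.
PRIORITY_MIN, PRIORITY_MAX = 1, 2147483647
DEFAULT_INCREMENT = 10  # default automatic priority increment per the guide


def next_priority(used, increment=DEFAULT_INCREMENT):
    """Priority assigned when -priority is omitted."""
    # First policy: the increment itself. Otherwise: largest value in use
    # (the lowest priority) plus the increment.
    value = (max(used) if used else 0) + increment
    if value > PRIORITY_MAX:
        raise ValueError("automatic priority would exceed the allowed range")
    return value


def add_policy(db, name, protocol, action, priority=None):
    """Add a policy to db (a list of dicts) and return its priority."""
    used = {p["priority"] for p in db}
    if priority is None:
        priority = next_priority(used)
    if not PRIORITY_MIN <= priority <= PRIORITY_MAX:
        raise ValueError(f"priority {priority} is out of range")
    if priority in used:
        raise ValueError(f"priority {priority} is already in use")
    db.append({"name": name, "protocol": protocol,
               "action": action, "priority": priority})
    return priority


def select_policy(db, protocol):
    """Return the matching policy with the lowest priority value.

    None stands in for falling through to the default policy.
    """
    for policy in sorted(db, key=lambda p: p["priority"]):
        if policy["protocol"] in ("ALL", protocol):
            return policy
    return None


def demo():
    db = []  # constructed sample database
    add_policy(db, "pass_all", "ALL", "PASS")              # auto-assigned 10
    add_policy(db, "discard_echo", "ICMPV6", "DISCARD")    # auto-assigned 20
    before = select_policy(db, "ICMPV6")["name"]           # broad policy wins
    add_policy(db, "discard_echo_first", "ICMPV6", "DISCARD", priority=5)
    after = select_policy(db, "ICMPV6")["name"]
    return [p["priority"] for p in db], before, after
```

In the model, a policy added without an explicit priority lands behind an earlier broad PASS policy and never matches until it is given a lower priority value.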
-tunnel tunnel_policy_name
If packets using this host IPsec policy will be tunneled and the local system is one of the tunnel
endpoints, use the tunnel argument to specify the tunnel_policy_name, the name of the
tunnel IPsec policy to use with this host IPsec policy.
-action
The action argument specifies the action HP-UX IPSec will perform on packets using this policy.
The action must be PASS (pass in clear text) if this is an end system in an end-to-end tunnel
(host-to-host tunnel) topology.
Step 1: Configuring host IPsec policies 67