HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

An entry in the bypass interface list affects only the logical interface for the IP address, not all
logical interfaces for the physical interface (network card).
Default: None.

Bypass Configuration Example
The system has two physical interfaces, both connected to secure, internal networks. You want to
use HP-UX IPSec to encrypt traffic on one interface, but disable HP-UX IPSec on the second interface,
12.1.1.1. The following batch file entry configures an entry in the bypass list for address 12.1.1.1.
-add bypass 12.1.1.1

Step 7: Verifying the Batch File Syntax
Use the following command to verify the contents of the ipsec_config batch file without
committing the configuration:
ipsec_config batch batch_file_name -nocommit
The ipsec_config utility displays the following message to indicate the profile file used:
Using default profile file /var/adm/ipsec/.ipsec_profile
If there are no syntax errors in the batch file, ipsec_config returns without displaying any other
messages.

Step 8: Committing the Batch File Configuration and Verifying Operation
Use the following procedure to verify the operation of your HP-UX IPSec configuration.
1. Commit the batch file operations to the configuration database with the following command:
ipsec_config batch batch_file_name
2. Verify the contents of the configuration database with the following command:
ipsec_config show all
The ipsec_config utility displays the contents of the configuration database. The contents
include the configuration parameters supplied by the profile file, and configuration records
automatically generated by ipsec_config, such as records for default policies and one
for startup options. The IPsec policies are sorted in priority order. You will see output similar
to the following:
startup
-autoboot OFF
-auditlvl ERROR
:
:
host telnet_from_nodeCW
-source 10.2.2.2/32/0-65535
-destination 10.1.1.1/32/23
-protocol 6
-priority 20
-action ESP_3DES_HMAC_SHA1/28800/0
-flags NONE
host default
-action PASS
3. Start HP-UX IPSec with the following command:
ipsec_admin -start
4. Check the status of HP-UX IPSec using the following command:
ipsec_admin -status
You will see output similar to the following:
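Added example (not part of the HP guide): a review pass over the ipsec_config show all output from step 2 of the procedure above, listing the settings an administrator would want to confirm before relying on the configuration. The function names audit_ipsec_config and sample_show_all are hypothetical, the sample text is the output shown in step 2, and the parser assumes one record header or one "-keyword value" pair per line as in that output.

```shell
#!/bin/sh
# Added example, not from the HP guide. Function names are hypothetical.

# Constructed sample: the "ipsec_config show all" output shown in step 2.
sample_show_all() {
    cat <<'EOF'
startup
-autoboot OFF
-auditlvl ERROR
:
:
host telnet_from_nodeCW
-source 10.2.2.2/32/0-65535
-destination 10.1.1.1/32/23
-protocol 6
-priority 20
-action ESP_3DES_HMAC_SHA1/28800/0
-flags NONE
host default
-action PASS
EOF
}

# Reads "ipsec_config show all" text on stdin; prints one line per setting
# to review. Assumes one record header or one "-keyword value" per line.
audit_ipsec_config() {
    awk '
    function report() {
        if (rtype == "startup" && autoboot == "OFF")
            print "REVIEW startup: -autoboot OFF, IPsec does not start at boot"
        if (rtype == "host" && action == "PASS")
            print "REVIEW host " rname ": -action PASS, traffic passes in clear text"
        if (rtype == "host" && action ~ /3DES/)
            print "REVIEW host " rname ": " action " relies on 3DES, a legacy cipher"
    }
    NF == 0 || $1 == ":" { next }            # blank lines and elision marks
    $1 !~ /^-/ {                             # any non-parameter line opens a record
        report(); rtype = $1; rname = $2; action = ""; autoboot = ""; next
    }
    $1 == "-autoboot" { autoboot = $2 }
    $1 == "-action"   { action = $2 }
    END { report() }
    '
}

sample_show_all | audit_ipsec_config
```

On a configured system, pipe the real output through the same function: ipsec_config show all | audit_ipsec_config.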