Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

371

372

373

374

375

376

377

378

379

380

climconfig.sp(1)

NAME

climconfig.sp -- configure security policies

SYNOPSIS

CLIMCMD {clim-name|ip-address} climconfig sp -add

[-prov prov—name] -s src-range -d dst-range -u upperspec

-dir {in|out } -policy {discard|none|ipsec}

-protocol {esp|ah|ipcomp }

-mode {tunnel -srcdst src_ip-dst_ip|transport }

-level {use|require|unique|default} [-load]

CLIMCMD {clim-name|ip-address} climconfig sp -delete

[-prov prov—name] -s src-range -d dst-range -u upperspec

-dir {in|out } [-unload [-force]]

CLIMCMD {clim-name|ip-address} climconfig -info

[-prov {prov—name | all}] [-s src-range ]

[-d dst-range] [-u upperspec][-obeyform]

CLIMCMD {clim-name|ip-address} climconfig sp -start

[-prov prov—name] [ -s src-range -d dst-range [-u upperspec]]

CLIMCMD {clim-name|ip-address} climconfig sp -stop

[-prov prov—name] [ -s src-range -d dst-range -u upperspec

-dir {in|out }] [-force]

climconfig.sp Description

This command does the following:

sp -add

adds a security policy to the configuration file ipsec-tools.conf. The command parameters

are reformatted into a spdadd < ...> type setkey command. The SP is not loaded into

the SPD unless the -load option is specified.

sp -delete

deletes a security policy from the configuration file ipsec-tools.conf. If any SPs were

already activated, they are not impacted. The SP is not unloaded from the SPD unless the

-unload option is specified.

sp -info

displays security policy information from the configuration file ipsec-tools.conf. If no

options are selected, all the SPs are listed from the ipsec-tools.conf file.

sp -start

loads security policies into the SPD. sp -start is one of the commands for activating VPN

connections.

sp -stop

unloads security policies from the SPD. sp -stop is one of the commands for deactivating

VPN connections.

PARAMETERS

-prov

Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to

ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec

configuration. The provider name is case-insensitive and always converted to UPPER case.

-s src-range

Specifies the source of the secure communication as an IPv4 or IPv6 address and an optional

port number between square brackets. This takes the form:

372