The IP Security configuration utility opens a Filter Properties dialog box.

2.Select the Addressing tab in the Filter Properties dialog box. Use the drop-down menus to specify the address types for the source and destination addresses. The selections are:

My IP Address1

Any IP Address

A specific DNS Name

A specific IP Address

A specific IP Subnet

Enter the source and destination IP addresses or DNS names for the filter. If you selected A specific IP Subnet, enter the subnet mask.

WARNING! Be careful when configuring filters that affect packets required for basic network operation, such as packets exchanged with DNS servers and ICMP packets exchanged with routers. If you configure a policy that requires IP Security for these packets and the remote node does not support IP Security, your system can lose network functionality.

Leave the Mirrored check box selected, which creates a bi-directional filter that applies to packets to and from the destination system. See “Mirrored Filters” (page 41) for more information about mirrored filters.

In Figure 5, the administrator specifies an address filter with the Windows system address (10.1.1.1) as the source address and the HP-UX system address (10.2.2.2) as the destination address. The Mirrored check box is selected, so the address filter also matches packets from the HP-UX system.

Figure 5 Address Tab for Filter Properties

3.Select the Protocol tab in the Filter Properties dialog box. By default, the filter applies to all protocol types. Select the protocol type (for example, TCP) from the drop-down box. If you select TCP or UDP, you can also specify the From (source) port and To (destination) port.

Click OK to return to the Filter Properties dialog box.

1.HP-UX did not test the My IP Address selection with multihomed Windows systems. However, the Windows documentation states that in a multi-homed system, My IP Address matches every IP address on the system.

Configuring a Windows Host-to-Host Policy 19