HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
Valid Input:
ESP_AES128_HMAC_SHA1
ESP_AES128_HMAC_MD5
ESP_3DES_HMAC_SHA1
ESP_3DES_HMAC_MD5
ESP_NULL_HMAC_SHA1
ESP_NULL_HMAC_MD5
Default: ESP_AES128_HMAC_SHA1
IPSec preshared key
The preshared key used to authenticate the identity of the IPSec
peer. This must match the value configured on the peer system.
Parameter Name: ipsec_psk.
Valid value: A text string of 1 to 128 ASCII characters
(whitespace is not allowed).
Default: None.
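The following pre-flight check is an added example, not part of the HP guide or of SRP itself. It validates a transform name and a preshared key against the rules listed above before the values are entered on both peers. The function names are hypothetical, the sample values are constructed, and rejecting control characters is an assumption stricter than the guide's wording.

```shell
#!/bin/sh
# Added example: checks for the SRP IPSec prompts described in this guide.
# Function names are hypothetical; the rules come from the "Valid Input"
# list and the ipsec_psk "Valid value" text.

# Print "encrypting" or "auth-only" for a listed transform; return 1 otherwise.
srp_check_transform() {
    case "$1" in
        ESP_AES128_HMAC_SHA1|ESP_AES128_HMAC_MD5|ESP_3DES_HMAC_SHA1|ESP_3DES_HMAC_MD5)
            echo encrypting ;;
        ESP_NULL_HMAC_SHA1|ESP_NULL_HMAC_MD5)
            # NULL encryption: traffic is authenticated but not encrypted.
            echo auth-only ;;
        *)
            return 1 ;;
    esac
}

# Return 0 if the key is 1 to 128 ASCII characters with no whitespace.
# Assumption: control characters are rejected too (only 0x21-0x7E pass).
srp_check_psk() {
    # Delete every allowed byte and count what is left over.
    rest=$(( $(printf '%s' "$1" | LC_ALL=C tr -d '!-~' | wc -c) ))
    [ "$rest" -eq 0 ] || return 1
    # All bytes are ASCII at this point, so character count equals byte count.
    len=${#1}
    [ "$len" -ge 1 ] && [ "$len" -le 128 ]
}

# Constructed sample values (not real credentials). The last transform is a
# deliberate typo that is not in the guide's list.
for t in ESP_AES128_HMAC_SHA1 ESP_NULL_HMAC_MD5 ESP_AES128_HMAC_SHA; do
    printf '%s: %s\n' "$t" "$(srp_check_transform "$t" || echo invalid)"
done
if srp_check_psk 'Constructed-Sample-Key_01'; then echo "psk accepted"; fi
if ! srp_check_psk 'two words'; then echo "psk rejected"; fi
```

Run the same check on the peer system's values, since the preshared key must match on both sides.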
Configuration Data
SRP adds IPSec configuration data using the ipsec_config utility. IPSec adds the data to the
IPSec database, /var/adm/ipsec/config.db. To view the contents of the IPSec database,
use the ipsec_config or the ipsec_report utility. To modify the contents of the IPSec
database, you must use the ipsec_config utility.
SRP adds the following IPSec configuration data:
• A host IPSec policy
The host policy specifies encryption and authentication using the specified transform between
the specified remote IP address and the local (compartment) address. The default HP-UX
IPSec values are used for all other parameters.
• An Internet Key Exchange (IKE) policy
The IKE policy specifies parameters used to establish an IKE security association with the
specified remote IP address. The authentication method is PSK (preshared key). The default
HP-UX IPSec values are used for all other parameters.
• An authentication record
The authentication record contains the specified remote IP address and preshared key value.
The default HP-UX IPSec values are used for all other parameters.
HP-UX IPSec Default Parameter Values
For IPSec parameters that SRP does not prompt for, SRP uses the IPSec default values in the
configuration records. The IPSec default values are read from the default IPSec profile file,
/var/adm/ipsec/.ipsec_profile. You can view this text file to determine the default IPSec
parameters and determine what values need to be configured on the peer system. Some of the
main parameters and the default values set in the factory-installed profile file are as follows:
• IKE exchange type: Main Mode
• IKE hash algorithm: MD5
• IKE encryption algorithm: 3DES
• IKE Diffie-Hellman group: 2
Policy Selection and Priority
When IPSec selects policies, it selects the first policy that matches the search criteria. Because of
this selection algorithm, IPSec policies are typically ordered from most specific to least specific.
SRP adds the policies using the IPSec automatic priority increment mechanism, where IPSec