Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec

Windows IP Security Configuration Overview
On Microsoft Windows systems, all IP Security (IPsec) configuration data resides in a single IP
Security policy. You can create multiple IP Security policies, but only one local policy can be
active on the system. If the system is a member of a Windows Active Directory domain, you can
use an IP Security policy from a Group Policy defined for the domain.
A Windows IP Security policy defines the parameters used to negotiate Internet Key Exchange
Security Associations (IKE SAs) and IPsec SAs. An IKE SA is a bi-directional, secure
communication channel that two peers establish before negotiating IPsec SAs. One of the primary
activities during the IKE SA negotiation is the authentication of each peer's identity.
After two peers establish an IKE SA, they can negotiate IPsec SAs. Each IPsec SA is a
uni-directional, secure communication channel. The IPsec SA operating parameters include the
IPsec protocol used (Encapsulating Security Payload, ESP, or Authentication Header, AH) and
the cryptographic algorithms. IPsec SAs are negotiated in pairs (one for each direction of traffic).
Each Windows IP Security policy contains the following components:

Rules
    A policy contains one or more rules. The main purpose of a rule is to assign actions to
    address filters. Each rule contains the following components:

    IP Filter List
        An IP filter list contains one or more filters. Each filter contains the following
        components:

        Addressing
            The source and destination IP addresses, network masks, and a flag that indicates
            whether the filter is mirrored (bi-directional).
        Protocol
            The upper-layer protocol, and the source and destination ports, if applicable.
        Description
            The filter name and a description.

    Filter Action
        The filter action specifies the action to take for the rule, and can be one of the
        following actions:

        allow: allow the packet to pass
        block: discard the packet
        negotiate security: negotiate IPsec Authentication Header (AH) or Encapsulating
            Security Payload (ESP) Security Associations (SAs)

    Authentication Methods
        The authentication methods specify the type of Internet Key Exchange (IKE)
        authentication to use (preshared key or certificates with RSA signatures). If you are
        using preshared key authentication, the authentication methods also specify the value
        of the preshared key.
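The components described above map one-to-one onto the netsh "ipsec static" context, which builds the same policy objects from the command line instead of the MMC snap-in. The following script is an added example, not taken from the HP-UX IPSec manual: it assumes Windows XP SP2 / Server 2003 or later, and every address, name, key and algorithm set in it is a placeholder (192.0.2.10 for the Windows host, 192.0.2.20 for the HP-UX peer, CHANGE_ME for the preshared key) that must be replaced with the values the HP-UX side is configured to offer.

```cmd
@echo off
rem Added example (not from the HP-UX IPsec manual): build one Windows IP Security policy
rem with netsh "ipsec static". All addresses, names, the key and the algorithm lists are
rem placeholders chosen for illustration.

rem 1. Policy: carries the IKE (main mode) proposals, i.e. the IKE SA parameters.
rem    Each mmsecmethods entry is ConfAlg-HashAlg-DHGroup; strongest proposal first.
netsh ipsec static add policy name=HPUX-Interop description="IPsec to HP-UX peer" ^
    mmsecmethods="3DES-SHA1-2 3DES-MD5-2"

rem 2. IP filter list with one mirrored filter (the Addressing, Protocol and Description
rem    components). mirrored=yes makes this single filter match both traffic directions.
netsh ipsec static add filterlist name=HPUX-Hosts description="Traffic to/from HP-UX"
netsh ipsec static add filter filterlist=HPUX-Hosts srcaddr=192.0.2.10 dstaddr=192.0.2.20 ^
    protocol=ANY mirrored=yes description="Windows host <-> HP-UX host"

rem 3. Filter action "negotiate security" with ESP proposals (the IPsec SA parameters).
rem    Each qmsecmethods entry is ESP[ConfAlg,AuthAlg]:k/s with kilobyte/second lifetimes;
rem    an AH-only proposal would be written as AH[SHA1].
netsh ipsec static add filteraction name=HPUX-Negotiate action=negotiate ^
    qmsecmethods="ESP[3DES,SHA1]:100000k/3600s ESP[3DES,MD5]:100000k/3600s"

rem 4. Rule: binds the filter list, the filter action and the authentication method
rem    (preshared key here; the key value is part of the rule, as the text describes).
netsh ipsec static add rule name=HPUX-Rule policy=HPUX-Interop filterlist=HPUX-Hosts ^
    filteraction=HPUX-Negotiate psk=CHANGE_ME description="Negotiate ESP with HP-UX"

rem 5. Assign the policy; only one local policy can be active at a time, so assigning
rem    this one unassigns whichever local policy was active before.
netsh ipsec static set policy name=HPUX-Interop assign=y

rem Review the objects that were created: policy, rule, filter list, filters and action.
netsh ipsec static show policy name=HPUX-Interop level=verbose
```

The mmsecmethods and qmsecmethods lists are where interoperability is won or lost: the IKE SA negotiation only succeeds if at least one main mode proposal matches what the HP-UX peer offers, and the IPsec SA pair only forms if a quick mode proposal matches as well, so compare both lists against the HP-UX configuration before assigning the policy. Because the preshared key is stored in the local policy, the rule can instead name a certificate authority with the rootca= parameter when both sides have certificates for RSA signature authentication.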