Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec
Figure 9 Security Method Dialog Box
The Encryption and Integrity and Integrity only methods each correspond to a set of
predefined parameters for an IPsec SA proposal, including an IPsec transform type (such
as ESP). The transforms and additional SA parameters defined for these methods may vary
according to the Windows release installed. On Windows XP systems with SP2, these methods
are defined as follows:
• Encryption and Integrity
Authenticated ESP using 3DES encryption and SHA1 authentication (this is equivalent
to the HP-UX IPSec transform ESP_3DES_HMAC_SHA1). No SA lifetimes are specified,
and these settings are compatible with the HP-UX default SA lifetimes (see “IPsec SA
Key (Session Key) Lifetime Values” (page 43) for more information).
• Integrity only
Authenticated ESP using NULL encryption and SHA1 authentication. (this is equivalent
to the HP-UX IPSec transform ESP_NULL_HMAC_SHA1) No SA lifetimes are specified,
and these settings are compatible with the HP-UX default SA lifetimes (see “IPsec SA
Key (Session Key) Lifetime Values” (page 43) for more information).
To use a predefined method, select the appropriate method from the list and click OK to
return to the Security Methods tab in the Filter Actions dialog box.
To create a custom method, use the following procedure:
a. Select Custom in the Security Method dialog box, then click Settings to open the
Custom Security Method Settings dialog box.
b. In the Custom Security Method Settings dialog box (Figure 10), select the appropriate
transform type, algorithms, and session key lifetimes. See “IPsec SA Key (Session Key)
Lifetime Values” (page 43) for more information about IPsec session key lifetimes.
Configuring a Windows Host-to-Host Policy 23