Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec
Figure 12 Configuring A Preshared Key
To use IKE authentication with certificates, select Use a certificate from this certification
authority (CA). Click Browse. The IP Security configuration utility opens a Select Certificate
box with a list of CA certificates stored on your system. Select the CA for the appropriate
CA and click OK. (For additional information about configuring Microsoft Windows
certificates, see Using Microsoft Windows Certificates with HP-UX IPSec, available at
http://docs.hp.com.
4. After you have specified the IKE authentication method, click OK to return to the
Authentication Methods tab in the Rule Properties dialog box.
5. In the Rule Properties dialog box, remove the Kerberos authentication method from the
authentication methods list by highlighting it and clicking Remove.
The configuration utility will display a confirmation message (Are you sure?). Click Yes
Step 7: Configuring the Connection Type for the Rule
The connection type specifies the types of network connection to which the rule will apply. By
default, the IP Security configuration utility creates rules that apply to all network connection
types. To change the connection type, use the following procedure:
1. Select the Connection Type tab from the Rule Properties dialog box.
2. The IP Security configuration utility opens the Connection Type dialog box with the following
selections:
• All network connections: the rule applies to all network connections
• Local area network (LAN): the rule applies only to LAN connections
• Remote access: the rule applies only to VPN and dial-up connections
Select the appropriate connection type and click OK. If you have configured all the required
parameters for a rule, the IP Security configuration utility will return to the Policy Properties
dialog box.
Step 8: Modifying IKE Parameters for the Policy
By default, HP-UX IPSec negotiates IKE SAs using a single proposal with the following parameters:
26