Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Table of Contents

About This Document.........................................................................................................9

Typographic Conventions......................................................................................................................9

Introduction..........................................................................................................................................11

Testing Environment.......................................................................................................................11

Known Problem with Windows 2000 SP1 and SP2...................................................................11

Protocol Implementation Differences..............................................................................................12

Windows IP Security Configuration Overview....................................................................................13

Configuring a Windows Host-to-Host Policy.......................................................................................14

Step 1: Starting the IP Security Policies Snap-in Configuration Utility...........................................15

Step 2: Creating a Policy..................................................................................................................15

Step 3: Adding a Rule......................................................................................................................16

Step 4: Creating the IP Filter List and Filters for the Rule...............................................................18

Step 5: Configuring Filter Actions for the Rule...............................................................................21

Step 6: Configuring the IKE Authentication Method and Preshared Key for the Rule..................25

Step 7: Configuring the Connection Type for the Rule...................................................................26

Step 8: Modifying IKE Parameters for the Policy............................................................................26

Step 9: Starting the IP Security Service............................................................................................29

Step 10: Assigning the IP Security Policy........................................................................................30

Step 11: Verifying the Configuration...............................................................................................31

Example...........................................................................................................................................31

Windows Configuration.............................................................................................................31

HP-UX Configuration................................................................................................................32

Additional Options...............................................................................................................32

Configuring a Windows End-to-End Tunnel Policy.............................................................................33

Outbound Tunnel Rule Requirements............................................................................................33

Inbound Tunnel Rule Requirements...............................................................................................33

Configuring a Tunnel Rule..............................................................................................................33

Example...........................................................................................................................................34

Windows Configuration.............................................................................................................34

Outbound Rule.....................................................................................................................34

Inbound Rule........................................................................................................................35

Additional Parameters..........................................................................................................36

HP-UX Configuration................................................................................................................37

Troubleshooting Tips............................................................................................................................38

Using IKE Logging on HP-UX Systems..........................................................................................38

Using IKE Logging on Windows Systems.......................................................................................38

Additional Windows Troubleshooting Tools..................................................................................39

Comparing HP-UX and Windows IPsec Configuration Parameters....................................................40

Mirrored Filters...............................................................................................................................41

Filter Selection.................................................................................................................................42

IKE Parameter Selection..................................................................................................................42

IKE SA Key (Master Key) Lifetime Values......................................................................................42

HP-UX IKE SA Lifetime Values.................................................................................................42

Windows IKE SA Lifetime Values..............................................................................................43

Maximum Quick Modes..................................................................................................................43

Perfect Forward Secrecy (PFS).........................................................................................................43

IPsec SA Key (Session Key) Lifetime Values...................................................................................43

HP-UX IPsec SA Lifetime Values...............................................................................................43

Windows IPsec SA Lifetime Values...........................................................................................44

Related Publications..............................................................................................................................45

Table of Contents 3