Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec
Figure 17 Assigning the IP Security Policy
Step 11: Verifying the Configuration
To verify your configuration, generate traffic that matches the address filter.
On the HP-UX system, enter the following command to verify that the IKE SA and IPsec SAs
are established:
ipsec_report -sa
Example
In this example, IPsec secures telnet connections from the Windows system to the HP-UX system,
using authenticated ESP.
The Windows system's address is 10.1.1.1.
The HP-UX system's address is 10.2.2.2.
Windows Configuration
The Windows administrator configures and assigns an IP Security policy with the following
parameters:
• One rule, with the following parameters:
— Filter List: One filter, with the following parameters:
◦ Addressing:
– Source address: the Windows system's address.
– Destination address: the HP-UX system's address.
– Mirrored: yes (the Mirrored box is selected).
These parameters are shown in Figure 5 (page 19).
◦ Protocol: TCP; source port any, destination port 23 (telnet).
– Protocol: TCP
– From port: any
– To port: 23 (telnet server)
These parameters are shown in Figure 6 (page 20).
— Filter Action: Negotiate security, using the default settings for Encryption and Integrity
(authenticated ESP using 3DES and SHA1).
— Authentication Method: IKE using the preshared key my_preshared_key, as shown
in Figure 12 (page 26).
— Tunnel Settings: No tunnel (this is the default).
— Connection Type: All network connections (this is the default).
• General parameters: The general parameters for the policy are set to the default values (four
IKE SA proposals, including 3DES encryption, SHA1 integrity and Diffie-Hellman Group
2).
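The following is an added example, not part of the original document: a small Python model of the filter above that shows which packets a mirrored filter selects for the Negotiate security action. The Filter class, the function names, and the client port 49152 are illustrative assumptions; the addresses and port 23 come from the example.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard port ("any" in the filter settings)

@dataclass(frozen=True)
class Filter:
    src: str
    dst: str
    proto: str
    src_port: Optional[int]
    dst_port: Optional[int]

    def mirror(self) -> "Filter":
        # The mirror swaps addresses and ports so return traffic matches too.
        return Filter(self.dst, self.src, self.proto, self.dst_port, self.src_port)

    def matches(self, pkt: dict) -> bool:
        return (pkt["proto"] == self.proto
                and pkt["src"] == self.src and pkt["dst"] == self.dst
                and self.src_port in (ANY, pkt["sport"])
                and self.dst_port in (ANY, pkt["dport"]))

def effective_filters(f: Filter, mirrored: bool) -> list:
    return [f, f.mirror()] if mirrored else [f]

def is_selected(pkt: dict, filters: list) -> bool:
    """True if the packet matches a filter, so the filter action applies to it."""
    return any(f.matches(pkt) for f in filters)

def pkt(src, sport, dst, dport, proto="TCP"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}

WINDOWS, HPUX = "10.1.1.1", "10.2.2.2"
TELNET_FILTER = Filter(WINDOWS, HPUX, "TCP", ANY, 23)

# Constructed sample packets (port 49152 stands in for any client port).
SAMPLES = {
    "telnet request, Windows to HP-UX": pkt(WINDOWS, 49152, HPUX, 23),
    "telnet reply, HP-UX to Windows": pkt(HPUX, 23, WINDOWS, 49152),
    "telnet started from HP-UX": pkt(HPUX, 49152, WINDOWS, 23),
    "other TCP port, Windows to HP-UX": pkt(WINDOWS, 49152, HPUX, 22),
}

if __name__ == "__main__":
    filters = effective_filters(TELNET_FILTER, mirrored=True)
    for name, p in SAMPLES.items():
        print(f"{name}: {'selected' if is_selected(p, filters) else 'not selected'}")
```

In this model, a telnet session started from the HP-UX system toward the Windows system matches neither direction of the filter, so traffic generated for the verification step must be a telnet connection from the Windows system to the HP-UX system.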
Configuring a Windows Host-to-Host Policy 31