Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec
Comparing HP-UX and Windows IPsec Configuration Parameters
This section contains Table 1, which compares how HP-UX and Windows systems configure and
store IPsec parameters. It also contains the following subsections, which provide additional
comparative information:
• “Mirrored Filters” (page 41)
• “Filter Selection” (page 42)
• “IKE Parameter Selection” (page 42)
• “IKE SA Key (Master Key) Lifetime Values” (page 42)
• “Maximum Quick Modes” (page 43)
• “Perfect Forward Secrecy (PFS)” (page 43)
• “IPsec SA Key (Session Key) Lifetime Values” (page 43)
Table 1 IPsec Parameters on Windows and HP-UX
| Parameter | Windows Configuration | HP-UX Configuration | Notes |
|---|---|---|---|
| Address Filters | Specify them in the Filter List for a rule. The Filter List can contain multiple address filters. | Specify one filter per host, tunnel, or gateway policy. Use the -source and -destination arguments in the ipsec_config add host, tunnel, or gateway command. | Windows and HP-UX support subnet masks for IP addresses and wildcards for IP addresses, protocols, and port numbers. See “Mirrored Filters” (page 41) for additional information. |
| IPsec SA Proposals | Specify them in the Filter Action for a rule. | Specify them using the -action argument in the ipsec_config add gateway, host, or tunnel command. | HP-UX IPSec supports ESP encryption using the following protocols: Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), and Data Encryption Standard (DES). Windows XP and Windows 2000 support 3DES and DES, but do not support AES. |
| Filter Priority | Not applicable. | Specify it using the -priority argument in the ipsec_config add gateway or host command. | See “Filter Selection” (page 42) for additional information. |
| Maximum IPsec SA Lifetime, measured by time or by data | Specify it in the Custom Security Methods dialog box under the Filter Action for a rule. | Specify it in the transform specification for the -action argument in the ipsec_config add host or tunnel command. | See “IPsec SA Key (Session Key) Lifetime Values” (page 43) for additional information. |
| Tunnel endpoint address | Specify the destination tunnel endpoint (the endpoint for the destination) in the Tunnel Settings for a rule. You must configure two uni-directional (non-mirrored) rules. | Specify the endpoints using the -tsource and -tdestination arguments of the ipsec_config add tunnel command. | See “Mirrored Filters” (page 41) for additional information. |
| IKE Authentication Method | Specify it in the Authentication Methods for a rule. | Specify it using the -auth argument of the ipsec_config add ike command. | |