HP-UX IPSec A.02.00.01 Release Notes
What’s in This Version
The HP-UX IPSec version A.02.00.01 product is the HP-UX IPSec Version A.02.00 product
updated for support on HP-UX 11i v2 update 2 (v2UD2) systems, and includes the defect fixes
listed in “Patches and Fixes in This Version” on page 15. In addition, the -homeclear option
for Mobile IPv6 now works as documented.
HP-UX IPSec version A.02.00.01 has the same features as HP-UX IPSec version A.02.00.
HP-UX IPSec version A.02.00 includes the following new and changed features:
• IPSec policies, bypass list and startup parameters are now configured using the
ipsec_config command-line utility. The ipsec_config utility also supports batch files.
The ipsec_mgr GUI is still used to configure security certificates.
• The IPSec policy, preshared key and startup configuration information is now stored in a
configuration database, /var/adm/ipsec/config.db. The policy configuration file
(default /var/adm/ipsec/policies.txt), preshared key file
(/var/adm/ipsec/pskeys.txt), and startup file (/etc/rc.config.d/ipsecconf) are
no longer used.
• HP-UX IPSec was enhanced to support dynamic configuration updates. Administrators
can update the configuration without stopping and restarting HP-UX IPSec.
• HP-UX IPSec now supports manual keys for IPSec Security Associations.
• HP-UX IPSec was enhanced to secure Mobile IPv6 packets with manual keys when the
local system is a Mobile IPv6 Home Agent.
• HP-UX IPSec can act as a gateway (IP router) and forward IP packets, but only for HP-UX
Mobile IPv6.
• In previous releases, there was only one type of IPSec policy, which contained both host
and tunnel IPSec information. There are now separate host IPSec policies and tunnel
IPSec policies. There are also gateway IPSec policies, which are supported only for HP-UX
Mobile IPv6.
• ISAKMP policies are now referred to as IKE policies.
• The default Oakley group (Diffie-Hellman group) is now 2.
• Preshared keys are configured in authentication records.
• Administrators can now configure preshared keys for remote subnets.
• IKE ID parameters can now be configured for IKE negotiations when using preshared
keys.