HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
Chapter 3
authentication record. For preshared key authentication, the
authentication record contains the preshared key value and can also
contain the following IKE ID information:
• local ID type
• local ID value
• remote ID type
• remote ID value
If the authentication record matching the remote address includes local
ID information, HP-UX IPSec sends the configured local ID information
in an ISAKMP ID payload. If the matching authentication record has no
local ID information, HP-UX IPSec sends the IP address of the interface
it is using for the IKE negotiation as the local ID value, and sends the
appropriate address type (IPv4 or IPv6) as the local ID type.
If the matching authentication record has remote ID information,
HP-UX IPSec uses it to verify what the remote system sends in the
ISAKMP ID payload. If the matching authentication record has no
remote ID information for the remote system, HP-UX IPSec verifies that
the source IP address from the inbound packet matches the ID value
sent by the remote system, and uses the appropriate IP address type as
the ID type.
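The following Python model of the two ID rules above is an added example, not HP-UX IPSec code. The AuthRecord class, the function names, the ID type labels (IPV4, IPV6, FQDN) and all addresses and names are constructed for illustration, and exact comparison of a configured remote ID is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

IkeId = Tuple[str, str]  # (ID type, ID value); type labels are illustrative


@dataclass
class AuthRecord:
    """Hypothetical in-memory form of one authentication record."""
    name: str
    remote: str                       # ip_addr[/prefix]
    preshared_key: str
    local_id: Optional[IkeId] = None  # optional IKE ID information
    remote_id: Optional[IkeId] = None


def addr_type(addr: str) -> str:
    """Return the address ID type (IPv4 or IPv6) for an IP address string."""
    return "IPV4" if ipaddress.ip_address(addr).version == 4 else "IPV6"


def matches_remote(rec: AuthRecord, peer_addr: str) -> bool:
    """True if the peer address falls inside the record's -remote value."""
    net = ipaddress.ip_network(rec.remote, strict=False)
    ip = ipaddress.ip_address(peer_addr)
    return ip.version == net.version and ip in net


def local_id_to_send(rec: AuthRecord, iface_addr: str) -> IkeId:
    """ID placed in the outbound ISAKMP ID payload."""
    if rec.local_id is not None:
        return rec.local_id                    # configured local ID wins
    return (addr_type(iface_addr), iface_addr) # else the negotiating interface


def verify_remote_id(rec: AuthRecord, src_addr: str,
                     id_type: str, id_value: str) -> bool:
    """Check the ID payload received from the remote system."""
    if rec.remote_id is not None:
        # Assumption: configured type and value must match exactly.
        return (id_type, id_value) == rec.remote_id
    # No remote ID configured: the ID must be the packet's source address.
    if id_type != addr_type(src_addr):
        return False
    try:
        return ipaddress.ip_address(id_value) == ipaddress.ip_address(src_addr)
    except ValueError:
        return False                           # ID value is not an IP address
```

With no remote ID configured, a peer that sends any ID other than its own source address fails verification, so a peer that identifies itself by a non-address ID needs remote ID information in its authentication record.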
ipsec_config add auth Syntax
You can use the following ipsec_config add auth syntax to configure
preshared keys in most installations:
ipsec_config add auth auth_name -remote ip_addr[/prefix] [-preshared preshared_key]
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add auth operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
add auth auth_name -remote ip_addr[/prefix] [-preshared preshared_key]
The full ipsec_config add auth syntax specification also allows you to
specify the following arguments: