HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
Chapter 3
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in
both addresses must match. This prefix length is equivalent to an
address mask of 255.255.255.255. Use a value less than 32 to specify a
subnet address filter.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits
in both addresses must match. Use a value less than 128 to specify a
subnet address filter.
WARNING: Specifying a subnet address filter and a preshared key allows
you to configure a single preshared key for an entire subnet.
However, HP strongly recommends that you configure an
individual authentication record for each remote system with a
unique preshared key.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are
using manual keys, prefix must be 32 if ip_addr is an IPv4 address or
128 if ip_addr is an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a
non-zero IPv6 address, or 0 (match any address) if ip_addr is an
all-zeros address (0.0.0.0 or 0::0).
preshared_key
The preshared_key is the preshared key used for IKE authentication.
This must match the preshared key configured on the remote system.
Acceptable Values: A text string, containing 1 - 128 ASCII characters.
White spaces are not allowed. You must quote shell special characters if
you are using the command-line interface; do not quote them if you are
using a batch file.
Default: None.
Authentication Record Configuration Examples
The following batch file entry configures an authentication record for
preshared key authentication for a remote system that has the address
10.2.2.2:
add auth -remote 10.2.2.2 -preshared my_hostA_hostB_key
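The prefix defaults, the preshared key constraints and the per-host key recommendation above can be checked over a batch file before it is loaded. The following Python script is an added example, not part of the HP guide or the HP-UX IPSec product: the function names are hypothetical, the `ip_addr/prefix` notation for the `-remote` argument is an assumption, and every sample line except the first (taken from the example above) is constructed.

```python
import ipaddress

def default_prefix(ip_addr):
    """Default prefix per the guide when none is specified."""
    ip = ipaddress.ip_address(ip_addr)
    return 0 if int(ip) == 0 else ip.max_prefixlen  # 0 = match any address

def key_problems(key):
    """Check a preshared key against the guide's acceptable values."""
    problems = []
    if not 1 <= len(key) <= 128:
        problems.append("key length must be 1-128 characters")
    if not key.isascii():
        problems.append("key contains non-ASCII characters")
    if any(c.isspace() for c in key):
        problems.append("key contains white space")
    return problems

def opt(tok, name):
    return tok[tok.index(name) + 1] if name in tok[:-1] else None

def audit(batch_text):
    """Return (line_number, finding) pairs; key values are never echoed."""
    findings, first_use = [], {}
    for n, line in enumerate(batch_text.splitlines(), 1):
        tok = line.split()
        remote, key = opt(tok, "-remote"), opt(tok, "-preshared")
        if tok[:2] != ["add", "auth"] or remote is None or key is None:
            continue
        addr, _, pfx = remote.partition("/")  # assumed ip_addr/prefix form
        width = ipaddress.ip_address(addr).max_prefixlen  # 32 or 128
        prefix = int(pfx) if pfx else default_prefix(addr)
        if not 0 <= prefix <= width:
            findings.append((n, f"prefix {prefix} outside 0-{width}"))
        elif prefix < width:
            findings.append((n, f"/{prefix} filter: one key covers many peers"))
        findings += [(n, p) for p in key_problems(key)]
        if key in first_use:
            findings.append((n, f"key reused from line {first_use[key]}"))
        first_use.setdefault(key, n)
    return findings

# Constructed sample batch file; only the first entry comes from the guide.
SAMPLE = """\
add auth -remote 10.2.2.2 -preshared my_hostA_hostB_key
add auth -remote 10.2.3.0/24 -preshared subnet_wide_key
add auth -remote 10.2.2.9 -preshared my_hostA_hostB_key
add auth -remote 0.0.0.0 -preshared catch_all_key
add auth -remote fe80::1/129 -preshared hostC_key
"""
```

Calling `audit(SAMPLE)` reports the subnet filter, the reused key, the all-zeros address that defaults to a match-any prefix, and the out-of-range IPv6 prefix.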