HP-UX IPSec version A.02.00 Administrator's Guide

Using Certificates with HP-UX IPSec
Configuring Authentication Records with IKE IDs
add auth auth_name -remote ip_addr[/prefix]
[-ltype local_id_type] [-lid local_id]
[-rtype remote_id_type] [-rid remote_id]
The full ipsec_config add auth syntax specification also allows you to
specify the following arguments:
nocommit (verify the syntax but do not commit the information to the database)
profile (alternate profile file)
preshared (preshared key)
Refer to the ipsec_config (1M) manpage for full syntax information.
auth_name
The user-defined name for the authentication record. This
name must be unique for each record and is case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
ip_addr[/prefix]
The IP address and network prefix length that specifies the remote
system or subnet for this record. Each ip_addr and prefix combination
(the significant bits of ip_addr, as specified by prefix) must be unique.
If the remote system's IP address matches multiple IP address and
prefix combinations, HP-UX IPSec uses the authentication record with
the most specific address (longest prefix length).
Where:
ip_addr
The ip_addr is the remote IP address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The address cannot be a
broadcast, subnet broadcast, or multicast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must
match when comparing the remote IP address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in
both addresses must match. This prefix length is equivalent to an
address mask of 255.255.255.255. Use a value less than 32 to specify a
subnet address filter.
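
The uniqueness and longest-prefix selection rules described above, modeled as an added Python example (not HP-UX IPSec code and not taken from this guide). The function names and sample records are constructed; treating an omitted prefix as the full address length is an assumption, and the subnet-broadcast restriction is not checked.

```python
import ipaddress
import re

# auth_name: 1 - 63 ASCII alphanumerics, hyphen or underscore (case-sensitive)
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")

def parse_remote(spec):
    """Parse 'ip_addr[/prefix]' and return the network of significant bits."""
    addr_text, _, prefix_text = spec.partition("/")
    addr = ipaddress.ip_address(addr_text)
    if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
        raise ValueError(f"{spec}: broadcast or multicast address not allowed")
    # Assumption: an omitted prefix means every bit must match (32 or 128).
    prefix = int(prefix_text) if prefix_text else addr.max_prefixlen
    # strict=False discards host bits, leaving only the bits named by prefix.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def build_table(records):
    """Validate (auth_name, remote) pairs and index them by significant bits."""
    table, names = {}, set()
    for name, spec in records:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid auth_name: {name!r}")
        if name in names:
            raise ValueError(f"duplicate auth_name: {name}")
        net = parse_remote(spec)
        if net in table:
            raise ValueError(f"{name}: {net} already used by {table[net]}")
        names.add(name)
        table[net] = name
    return table

def select_auth(table, remote_ip):
    """Return the auth_name with the longest matching prefix, or None."""
    addr = ipaddress.ip_address(remote_ip)
    matches = [n for n in table if n.version == addr.version and addr in n]
    if not matches:
        return None
    return table[max(matches, key=lambda n: n.prefixlen)]

# Constructed sample records, not from the guide.
RECORDS = [
    ("branch_net", "10.1.0.0/16"),
    ("lab_subnet", "10.1.2.0/24"),
    ("db_host", "10.1.2.7/32"),
    ("v6_site", "2001:db8:10::/48"),
]
TABLE = build_table(RECORDS)
```

Two records such as 10.1.2.7/24 and 10.1.2.200/24 are rejected by build_table because their significant bits are identical, which is the overlap the uniqueness rule prevents.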