HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Configuring Authentication Records with IKE IDs
Chapter 4138
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits
in both addresses must match. Use a value less than 128 to specify a
subnet address filter.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are
using manual keys, prefix must be 32 if
ip_addr
is an IPv4 address or
128 if
ip_addr
is an IPv6 address.
Default: 32 if
ip_addr
is a non-zero IPv4 address, 128 if
ip_addr
is a
non-zero IPv6 address, or 0 (match any address) if
ip_addr
is an
all-zeros address (0.0.0.0 or 0::0).
-ltype
local_id_type
The
local_id_type
is the ID type the local system sends to the remote
system when negotiating an ISAKMP/MM SA. This must match what is
configured on the remote system.
You do not have to configure the local ID type if the local system is not
multihomed.
Acceptable Values: When you are using security certificates, this must
match the ID type in the SubjectAlternativeName field, so the only
acceptable value is IPV4 (IPv4 address).
Default: IPV4, if the IKE daemon uses an IPv4 interface to communicate
with the remote system, or IPV6, if the IKE daemon uses an IPv6
interface to communicate with the remote system.
-lvalue
local_id
The
local_id
is the local ID value the local system sends to the remote
system when negotiating an ISAKMP/MM SA. This must match what is
configured on the remote system.
You do not have to configure the local ID value if the local system is not
multihomed
Acceptable Values: When you are using security certificates, this must
be the IPv4 address in the SubjectAlternativeName of the certificate for
the local system.
Default: If
local_id_type
and
local_id
are not specified, HP-UX uses
the IPv4 or IPv6 address of the interface the IKE daemon uses to
communicate with the remote system.