Manualshelf

HP-UX IPSec version A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
151152153154155156157158159160
Troubleshooting HP-UX IPSec
IPSec Operation
Chapter 5148
addresses as ID values by default). This is part of the establishment
of an ISAKMP or Main Mode SA (ISAKMP/MM SA), as described in
the next step.
2. Establish ISAKMP/MM SA
The two systems complete the establishment of the ISAKMP/MM
SA. The ISAKMP/MM SA is the “master” SA that the two systems
use as a secure channel to negotiate the SAs for AH and/or ESP
packets.
3. Establish IPSec/QM SAs
Once an ISAKMP/MM SA is established, the two systems have a
secure channel for negotiating IPSec or Quick Mode SAs (IPSec/QM
SAs). The IPSec/QM SAs determine the HP-UX IPSec
transformation(s) used (AH and/or ESP), the encryption keys for
AH/ESP and other parameters. Two IPSec/QM SAs are established:
one for packets from the local system to the remote system and one
for packets from the remote system to the local system.
Note that one ISAKMP/MM SA can be used to negotiate multiple pairs of
IPSec/QM SAs.