HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and MC/ServiceGuard
Configuration Overview
Chapter 8 241
Configuration Steps
When configuring HP-UX IPSec for MC/ServiceGuard, configure HP-UX
IPSec using an ipsec_config batch file according to the instructions in
Chapter 3, “Configuring HP-UX IPSec,” on page 57 on one cluster node.
Additional configuration requirements are listed below and described in
the following sections. After you have verified the HP-UX IPSec
configuration on one node, copy the configuration files to the other
cluster nodes.
After you have configured HP-UX IPSec, configure MC/ServiceGuard as
described in the MC/ServiceGuard product documentation.
The general procedure for configuring HP-UX IPSec with
MC/ServiceGuard is listed below:
• “Step 1: Configuring a Common HP-UX IPSec Password” on
page 243
Configure the same HP-UX IPSec password on all systems in the
MC/ServiceGuard cluster if you are using certificate-based IKE
authentication.
• “Step 2: Configuring HP-UX Host IPSec Policies for
MC/ServiceGuard” on page 244
— You must ensure that HP-UX IPSec allows MC/ServiceGuard
heartbeat messages pass in clear text to avoid unnecessary
cluster reformations. Configure HP-UX IPSec to allow all traffic
between the heartbeat IP addresses to pass in clear text.
— If you are using optional MC/ServiceGuard features such as
Quorum Server or ServiceGuard Manager, you must configure
HP-UX IPSec so it does not discard control messages for these
services.
• “Step 3: Configuring HP-UX IPSec IKE policies” on page 257
Configure IKE policies that include the MC/ServiceGuard package
addresses and client addresses.
• “Step 4: Configuring Authentication Records for Preshared Keys” on
page 258
The authentication records contain the preshared key values and
may include IKE ID information.