HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and MC/ServiceGuard
Step 4: Configuring Authentication Records for Preshared Keys
Chapter 8258
Step 4: Configuring Authentication Records
for Preshared Keys
This section describes configuration requirements for authentication
records if you are using preshared keys for IKE authentication. If you are
not using preshared keys for IKE authentication, go to βStep 5:
Configuring Authentication Records for Certificatesβ on page 261.
The preshared key information must be the same on all nodes in the
cluster. Configure authentication records with preshared keys on one
MC/ServiceGuard cluster node. The authentication records are stored in
the configuration database, /var/adm/ipsec/config.db, which you
distribute to the other cluster nodes.
Use the procedure described in Chapter 3, βStep 4: Configuring
Preshared Keys Using Authentication Recordsβ on page 95 to configure
authentication records and preshared keys, with the additional
requirements described in the following sections.
Preshared Key Configuration on Cluster Nodes
Configure an authentication record with a preshared key for each cluster
client. HP recommends that you configure a unique key for each client.
The authentication records can also contain local and remote ID
information. You do not have to configure local ID information on the
cluster nodes. You do not have to configure remote ID information if the
client is an HP-UX system, or a system from another vendor that uses its
IP address as its IKE ID.
Preshared Key Configuration on Client Nodes
On each cluster client, you configure a preshared key entry for each
package address, using the key configured on the cluster for this client.
You do not have to configure local or remote ID information if the client
is an HP-UX system, or a system from another vendor that uses its IP
address as its IKE ID.
Example
In Figure 8-1 on page 237, the cluster has three nodes: