HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and MC/ServiceGuard
Step 5: Configuring Authentication Records for Certificates
Chapter 8262
Cluster Node
On each cluster node, add entries to the ipsec_config batch file with
add auth operations to configure an authentication record for each
cluster client as follows:
• Remote IP Address (-remote): The cluster client address.
• Local ID type (-ltype): IPV4.
•Local ID value(-lid): The IP address in the SubjectAlternativeName
field of the certificate for the cluster.
• Remote ID type (-rtype): The IKE ID type sent by the remote
system (cluster client).
— You do not need to enter this argument if the cluster client is an
HP-UX system and is not multihomed. HP-UX IPSec will use
IPV4 as the ID type.
— If the cluster client is a multihomed HP-UX system, specify
IPV4.
— If the cluster client is not an HP-UX system, enter the value sent
by the cluster client.
• Remote ID value (-rid): The IKE ID value sent by the cluster client
(cluster client).
— You do not need to enter this argument if the cluster client is an
HP-UX system and is not multihomed. HP-UX IPSec will use the
source IP address from the incoming packet as the ID value.
— If the cluster client is a multihomed HP-UX system, specify the
IP address in the SubjectAlternativeName field of the cluster
client’s certificate.
— If the cluster client is not an HP-UX system that does not use its
IP address as its IKE ID (the ISAKMP ID payload), enter the
value sent by the cluster client.
Cluster Clients
On each cluster client, configure an authentication record for each
package address in the cluster as follows:
• Remote IP Address (-remote): The package address.
• Local ID type (-ltype): The IKE ID type sent by the cluster client.