HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and Linux
Limitations of HP-UX IPSec Interoperating with Linux FreeSwan
Chapter 9
HP-UX IPSec can be configured to interoperate with Linux FreeSwan
version 1.96.
The following are limitations of Linux FreeSwan that affect
interoperability with HP-UX IPSec:
• Linux FreeSwan does not support DES encryption. You must use
3DES or AES encryption.
• Linux FreeSwan does not support IPSec rules that specify a port and
protocol. You must configure the HP-UX IPSec rules with a value of 0
(wildcard, all traffic included) for port and protocol. See “Step 1:
Configuring Host IPSec Policies” on page 69 for details on
configuring HP-UX IPSec rules.
• Linux FreeSwan does not delete Security Associations (SAs) when it
receives ISAKMP INITIAL-CONTACT notify messages. The
administrator must manually delete any SAs established with the
HP-UX system that sent the INITIAL-CONTACT notify message.
The following is a limitation of HP-UX IPSec that affects interoperability
with Linux FreeSwan:
• HP-UX IPSec does not support Perfect Forward Secrecy (PFS) for
keys only. By default, Linux FreeSwan is configured to use PFS for
keys only. You must explicitly turn off PFS (pfs=no) when
configuring the Linux FreeSwan system to interoperate with HP-UX.
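The following added example (not part of the HP guide) audits a FreeSwan ipsec.conf and lists the connections to an HP-UX peer that would still use PFS, because pfs=no is set neither in the conn section nor in conn %default. The function names, the sample file and its addresses are constructed for illustration, and also= includes are not followed.

```python
# Constructed sample; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
conn %default
    authby=secret

conn hpux-ok
    left=192.0.2.10
    right=192.0.2.20
    pfs=no

conn hpux-bad
    left=192.0.2.10
    right=192.0.2.20

conn other-linux
    left=192.0.2.10
    right=192.0.2.30
"""

def parse_conns(text):
    """Return {name: params} per conn, with 'conn %default' values applied."""
    defaults, conns, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank or comment-only line
        if not line[0].isspace():         # unindented: section header
            parts = line.split()
            if parts[0] != "conn" or len(parts) < 2:
                current = None            # e.g. "config setup"
            elif parts[1] == "%default":
                current = defaults
            else:
                current = conns[parts[1]] = dict(defaults)
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def conns_with_pfs(text, hpux_peer):
    """Conns to hpux_peer whose effective pfs is not 'no' (unset means on)."""
    return sorted(name for name, p in parse_conns(text).items()
                  if hpux_peer in (p.get("left"), p.get("right"))
                  and p.get("pfs", "yes").lower() != "no")

if __name__ == "__main__":
    print(conns_with_pfs(SAMPLE_CONF, "192.0.2.20"))
```

Any connection name it reports needs pfs=no added before the tunnel to the HP-UX system is brought up.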