HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Configuration Examples
Example 1: telnet Between Two Systems
Appendix C
add host telnetAB \
    -source 15.1.1.1 \
    -destination 15.2.2.2/32/TELNET \
    -priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA \
    -source 15.1.1.1/32/TELNET \
    -destination 15.2.2.2 \
    -priority 30 -action ESP_AES128_HMAC_SHA1
IKE Policy
You configure an IKE policy, banana, to use when Apple negotiates
ISAKMP/MM Security Associations (SAs) with Banana. The
ipsec_config batch file entry is listed below:
add ike banana -remote 15.2.2.2 -authentication psk
Authentication Record with Preshared Key
You must configure the preshared key that Apple uses to authenticate
Banana’s identity and to authenticate its own identity to Banana. The
ipsec_config batch file entry is listed below:
add auth banana -remote 15.2.2.2 -preshared apple_banana_key
Banana Configuration
The configuration on Banana is the mirror-image of the configuration on
Apple. The administrator created the host IPSec policies by copying the
host policies from Apple, changing the name and swapping the -source
and -destination option names. The remote address for the IKE policy
and authentication record is 15.1.1.1 (Apple’s IP address) and the
preshared key matches the key configured on Apple for Banana. The
ipsec_config batch file is listed below:
# Host Policies
add host telnetAB -destination 15.1.1.1 \
    -source 15.2.2.2/32/TELNET \
    -priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA -destination 15.1.1.1/32/TELNET \
    -source 15.2.2.2 \
    -priority 30 -action ESP_AES128_HMAC_SHA1
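
The mirror-image rule described above can be checked mechanically before either batch file is loaded. The following Python code is an added example, not part of the HP guide or of ipsec_config: parse_batch and mirror_problems are hypothetical helpers, Banana's ike and auth entries (including the record name apple) are constructed from the description above, and the -remote check assumes this two-host layout.

```python
import shlex

# Host policies and Apple's ike/auth entries are the page's (continuation lines
# reflowed). Banana's ike/auth entries are constructed; the name "apple" is assumed.
APPLE = r"""
add host telnetAB -source 15.1.1.1 \
  -destination 15.2.2.2/32/TELNET -priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA -source 15.1.1.1/32/TELNET \
  -destination 15.2.2.2 -priority 30 -action ESP_AES128_HMAC_SHA1
add ike banana -remote 15.2.2.2 -authentication psk
add auth banana -remote 15.2.2.2 -preshared apple_banana_key
"""
BANANA = r"""
# Host Policies
add host telnetAB -destination 15.1.1.1 \
  -source 15.2.2.2/32/TELNET -priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA -destination 15.1.1.1/32/TELNET \
  -source 15.2.2.2 -priority 30 -action ESP_AES128_HMAC_SHA1
add ike apple -remote 15.1.1.1 -authentication psk
add auth apple -remote 15.1.1.1 -preshared apple_banana_key
"""

def parse_batch(text):
    """Return (type, name, {option: value}) for every 'add' entry."""
    records = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        words = shlex.split(line, comments=True)          # drops '#' comments
        if len(words) >= 3 and words[0] == "add":
            records.append((words[1], words[2], dict(zip(words[3::2], words[4::2]))))
    return records

def mirror_problems(local, peer):
    """List the ways two peers' batch files fail to be mirror images."""
    a, b, problems = parse_batch(local), parse_batch(peer), []
    def pick(recs, kind, *opts):
        return {tuple(o.get(k) for k in opts) for t, _, o in recs if t == kind}
    # The peer must hold the same selectors with -source/-destination swapped.
    unmatched = (pick(a, "host", "-source", "-destination", "-action")
                 ^ pick(b, "host", "-destination", "-source", "-action"))
    problems += [f"host policy without mirror: {s}" for s in sorted(unmatched, key=str)]
    if pick(a, "auth", "-preshared") != pick(b, "auth", "-preshared"):
        problems.append("preshared keys differ")  # never echo the key itself
    # Assumption for this two-host layout: -remote names the host policies' peer.
    for side, recs in (("local", a), ("peer", b)):
        peers = {d.split("/")[0] for (d,) in pick(recs, "host", "-destination") if d}
        for (r,) in pick(recs, "ike", "-remote") | pick(recs, "auth", "-remote"):
            if r not in peers:
                problems.append(f"{side}: -remote {r} is not a policy destination")
    return problems
```

An empty list from mirror_problems(APPLE, BANANA) means the selectors, action, preshared key and remote addresses line up on both systems.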