HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec Configuration Examples
Example 2: Authenticated ESP with Exceptions
Appendix C
ipsec_config Batch File Entries
add host potato -destination 193.3.3.3 -priority 20 \
    -action ESP_AES128_HMAC_SHA1
add host pass_icmp -destination 192.1.1.0/24 \
    -protocol ICMP -priority 30 -action pass
add host aes_lan -destination 192.1.1.0/24 \
    -priority 40 -action ESP_AES128_HMAC_SHA1
# to modify the default host policy, you must delete
# the existing default policy, then re-add it
delete host default
add host default -action DISCARD
IKE Policies
You are using preshared keys for IKE authentication with system
Potato. You are using security certificates with RSA signatures for IKE
authentication for all nodes in the 192.1.1.* network.
add ike potato -remote 193.3.3.3 -authentication psk
#
add ike 192.1.1_net -remote 192.1.1.0/24 \
    -authentication rsasig
Authentication Record
Because you are using preshared keys with Potato, you must configure
an authentication record with the key.
add auth potato -remote 193.3.3.3 \
    -preshared carrot_potato_key
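
The following Python sketch is an added example, not part of the HP-UX IPSec guide or tooling. It parses a constructed copy of the batch entries above, shows which host policy a packet would select, and flags any psk IKE policy that lacks a matching authentication record. The function names are hypothetical, only the address/prefix form of -destination used on this page is handled, and it assumes the lowest -priority value is checked first with the default policy last, as the ordering of this example implies.

```python
import ipaddress
import shlex

# Constructed copy of this page's batch entries (default policy entered once).
BATCH = r"""
add host potato -destination 193.3.3.3 -priority 20 \
    -action ESP_AES128_HMAC_SHA1
add host pass_icmp -destination 192.1.1.0/24 \
    -protocol ICMP -priority 30 -action pass
add host aes_lan -destination 192.1.1.0/24 \
    -priority 40 -action ESP_AES128_HMAC_SHA1
add host default -action DISCARD
add ike potato -remote 193.3.3.3 -authentication psk
add ike 192.1.1_net -remote 192.1.1.0/24 \
    -authentication rsasig
add auth potato -remote 193.3.3.3 \
    -preshared carrot_potato_key
"""

def parse(text):
    """Join continuation lines, skip comments, return (type, name, options)."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["add"]:
            entries.append((tok[1], tok[2], dict(zip(tok[3::2], tok[4::2]))))
    return entries

def select_host_policy(entries, dst, proto):
    """Return (name, action) of the first host policy matching the packet.
    Assumption: lowest -priority value is checked first, default last."""
    hosts = [(n, o) for t, n, o in entries if t == "host" and n != "default"]
    for name, o in sorted(hosts, key=lambda h: int(h[1]["-priority"])):
        net = ipaddress.ip_network(o["-destination"], strict=False)
        # A policy without -protocol matches every protocol.
        if ipaddress.ip_address(dst) in net and o.get("-protocol", proto) == proto:
            return name, o["-action"]
    default = next(o for t, n, o in entries if t == "host" and n == "default")
    return "default", default["-action"]

def psk_without_auth(entries):
    """Names of psk IKE policies whose -remote has no -preshared auth record."""
    keyed = {o["-remote"] for t, n, o in entries
             if t == "auth" and "-preshared" in o}
    return [n for t, n, o in entries if t == "ike"
            and o.get("-authentication") == "psk" and o["-remote"] not in keyed]

if __name__ == "__main__":
    e = parse(BATCH)
    for dst, proto in [("193.3.3.3", "TCP"), ("192.1.1.7", "ICMP"),
                       ("192.1.1.7", "TCP"), ("10.0.0.1", "TCP")]:
        print(dst, proto, "->", select_host_policy(e, dst, proto))
    print("psk policies missing an auth record:", psk_without_auth(e))
```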