HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Configuration Overview
There are seven main configuration components:
• Host IPSec Policies
Host IPSec policies specify HP-UX IPSec behavior for IP packets sent
or received by the local system as an end host. A host IPSec policy
contains address specifications used to select the host IPSec policy
for a packet. A host IPSec policy also specifies the HP-UX IPSec
behavior (action) for packets using the policy: pass the packets in
clear text, discard the packets, or apply an IPSec transform (AH or
ESP) to the packets.
• Tunnel IPSec Policies
Tunnel IPSec policies specify the behavior for tunnel endpoints. If
the local system is an end host in a host-to-host tunnel topology, or
the end host in a host-to-gateway tunnel topology, you must configure
tunnel IPSec policies. If the local system is only an end host with no
IPSec tunneling, do not configure tunnel IPSec policies.
• IKE Policies
An IKE policy defines the parameters used when negotiating an
ISAKMP/Main Mode Security Association (SA). IPSec uses ISAKMP
SAs to negotiate IPSec SAs; an ISAKMP SA must exist with a
remote system before IPSec can negotiate IPSec SAs.
• IKE Authentication Records
IKE authentication records contain information that IKE uses to
authenticate the identity of the remote system, including local and
remote ID values, and preshared keys, if preshared keys are used.
You must configure IKE authentication records if you use preshared
keys for IKE authentication.
• Security Certificates
You can use security certificates with RSA signatures for IKE
authentication (also referred to as primary authentication) instead of
preshared keys.
• Bypass List