HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 1: Configuring Host IPSec Policies
Chapter 3
Where:

transform_name
    The transform_name is one of the following AH (Authentication Header) or ESP (Encapsulating Security Payload) transform specifications, or a nested AH and ESP transform formed by joining an AH transform and an ESP transform with a plus sign (+). For example, AH_MD5+ESP_3DES.

TIP: AES128 is the most secure form of encryption, with performance comparable to or better than DES and 3DES. For added security, use AES in an authenticated ESP transform, such as ESP_AES128_HMAC_SHA1.

ESP transforms without authentication (such as ESP_AES128) do not provide data integrity and should not be used.
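
The tip above can be enforced before a transform name ever reaches a policy. The following POSIX shell check is an added example, not part of the HP guide: `check_transform` is a hypothetical helper, and it assumes (from the naming pattern in Table 3-2) that an ESP transform is authenticated when its name contains `_HMAC_`, and that a nested transform is written AH first, as in AH_MD5+ESP_3DES.

```shell
#!/bin/sh
# Added example, not part of the HP-UX IPSec guide.
# check_transform NAME  (hypothetical helper)
# Returns 0 = integrity protected, 1 = encryption only, 2 = malformed.
# Assumptions: an ESP name containing _HMAC_ is authenticated (pattern
# seen in Table 3-2); a nested transform is written AH first, then ESP.
check_transform() {
    name=$1
    ah='' esp=''
    case $name in
        *+*+*) echo "$name: malformed, more than one '+'"; return 2 ;;
        *+*)   ah=${name%%+*}; esp=${name#*+}
               case $ah in AH_?*) ;; *)
                   echo "$name: malformed, AH transform expected before '+'"; return 2 ;;
               esac
               case $esp in ESP_?*) ;; *)
                   echo "$name: malformed, ESP transform expected after '+'"; return 2 ;;
               esac ;;
        AH_?*)  ah=$name ;;
        ESP_?*) esp=$name ;;
        *) echo "$name: malformed, not an AH_ or ESP_ transform"; return 2 ;;
    esac

    if [ -n "$ah" ]; then
        # AH alone or nested AH+ESP: the AH part authenticates the packet.
        echo "$name: ok, AH authenticates the packet"
    else
        case $esp in
            *_HMAC_?*) echo "$name: ok, authenticated ESP" ;;
            *) echo "$name: REJECT, ESP without authentication gives no data integrity"
               return 1 ;;
        esac
    fi
    return 0
}

# Constructed sample names (from the text and Table 3-2, plus one bad value).
for t in ESP_AES128_HMAC_SHA1 AH_MD5+ESP_3DES ESP_AES128 ESP_DES AH_SHA1 ESP-AES128; do
    check_transform "$t" || :
done
```

A nested name passes because the AH component supplies the integrity check that a bare ESP transform lacks.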

Table 3-2 ipsec_config Transforms

Transform Name          Description
AH_MD5                  AH, with 128-bit key Hashed Message Authentication Code using RSA Message Digest-5, HMAC-MD5.
AH_SHA1                 AH, with 160-bit key HMAC using Secure Hash Algorithm-1, HMAC-SHA1.
ESP_AES128              ESP with 128-bit Advanced Encryption Standard CBC.
ESP_AES128_HMAC_MD5     ESP AES128, authenticated with HMAC-MD5.
ESP_AES128_HMAC_SHA1    ESP AES128, authenticated with HMAC-SHA1.
ESP_DES                 ESP with 56-bit Data Encryption Standard, Cipher Block Chaining Mode, DES-CBC.
ESP_DES_HMAC_MD5        ESP DES, authenticated with HMAC-MD5.