HP-UX IPSec version A.02.00 Administrator's Guide
Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPSec Policies
ESP transforms without authentication (such as ESP-AES128) do not
provide data integrity and should not be used.
Default: The transform defined for the action parameter in the
TunnelPolicy-Defaults section of the profile file used. The default action
is ESP_AES128_HMAC_SHA1.
lifetime_seconds
The lifetime_seconds is the maximum lifetime for the IPSec SA, in
seconds. A transform lifetime can be specified by time (seconds), and by
kilobytes transmitted or received. HP-UX IPSec considers the lifetime to
be exceeded if either value is exceeded.
Range: 0 (infinite), or 600 - 4294967294 seconds (approximately 497102
days).
Default: 28,800 (8 hours).
lifetime_kbytes
The lifetime_kbytes is the maximum lifetime for the IPSec SA,
measured by kilobytes transmitted or received. A transform lifetime can
be specified by time (seconds), and by kilobytes transmitted or received.
HP-UX IPSec considers the lifetime to be exceeded if either value is
exceeded.
Range: 0 (infinite), or 5120 - 4294967294 kilobytes.
Default: 0 (infinite).
CAUTION: HP recommends that you do not specify an infinite value for
lifetime_seconds (0) with a finite value for lifetime_kbytes.
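The following Python sketch is an added example, not part of this guide or
of HP-UX IPSec. It checks a planned tunnel policy against the ranges,
defaults and CAUTION stated above, and models the "either value exceeded"
rule. The function names are hypothetical, and the test for an
authenticated ESP transform (an HMAC component in the name) is an
assumption based on the two transform names shown on this page.

```python
# Added example: lint tunnel policy values against the ranges stated above.
LIFETIME_MAX = 4294967294            # upper bound given for both lifetimes
SECONDS_MIN, KBYTES_MIN = 600, 5120  # lowest finite values allowed
DEFAULT_SECONDS, DEFAULT_KBYTES = 28800, 0

def check_lifetime(name, value, minimum):
    """Return an error string, or None if value is 0 (infinite) or in range."""
    if value == 0 or minimum <= value <= LIFETIME_MAX:
        return None
    return f"{name}={value} out of range: use 0 or {minimum}-{LIFETIME_MAX}"

def lint_policy(transform, seconds=DEFAULT_SECONDS, kbytes=DEFAULT_KBYTES):
    """Return a list of (severity, message) findings for one tunnel policy."""
    findings = []
    # Assumption: authenticated ESP transform names carry an HMAC component,
    # as in ESP_AES128_HMAC_SHA1; names such as ESP-AES128 do not.
    name = transform.upper().replace("-", "_")
    if name.startswith("ESP") and "HMAC" not in name:
        findings.append(("error",
                         f"{transform}: ESP without authentication, no data integrity"))
    for err in (check_lifetime("lifetime_seconds", seconds, SECONDS_MIN),
                check_lifetime("lifetime_kbytes", kbytes, KBYTES_MIN)):
        if err:
            findings.append(("error", err))
    # The CAUTION above: infinite seconds combined with finite kilobytes.
    if seconds == 0 and kbytes != 0:
        findings.append(("warning",
                         "infinite lifetime_seconds with finite lifetime_kbytes"))
    return findings

def sa_expired(age_seconds, kbytes_moved,
               seconds=DEFAULT_SECONDS, kbytes=DEFAULT_KBYTES):
    """Lifetime is exceeded if either limit is exceeded; 0 disables a limit."""
    return ((seconds != 0 and age_seconds > seconds) or
            (kbytes != 0 and kbytes_moved > kbytes))

if __name__ == "__main__":
    # Constructed sample policies: (transform, lifetime_seconds, lifetime_kbytes)
    for policy in [("ESP_AES128_HMAC_SHA1", 28800, 0),
                   ("ESP-AES128", 300, 0),
                   ("ESP_AES128_HMAC_SHA1", 0, 5120)]:
        print(policy, lint_policy(*policy) or "ok")
```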
Tunnel IPSec Policy Configuration Example
The local system (10.1.1.1) is using a host-to-host tunnel with system
10.2.2.2. The following batch file entry configures the tunnel to use
authenticated ESP, with AES128 encryption and HMAC SHA-1
authentication.