HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
Complete this step only if you configured PSK (preshared keys) as an IKE
authentication method in “Step 3: Configuring IKE Policies” on page 89.
If you configured RSASIG (RSA signatures) as the IKE authentication
method in all IKE policies, skip this step, and go to Chapter 4, “Using
Certificates with HP-UX IPSec,” on page 113.
HP-UX IPSec stores preshared keys in authentication records. You
configure authentication records using the ipsec_config add auth
command.
Remote Multi-homed Systems
If a remote system is multi-homed (the remote system has multiple IP
addresses), you must configure an authentication record for each IP
address on the remote system. Specify the same preshared key in each
authentication record for the remote system.
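
The multi-homed rule above, as an added example that is not from the HP guide: a shell function that emits one ipsec_config add auth command per remote address, all carrying the same key. The -remote and -preshared options and the record-name scheme (prefix_N) are assumptions to confirm against ipsec_config (1M); the addresses and key are constructed.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumption: the -remote and
# -preshared options of "ipsec_config add auth"; confirm in ipsec_config(1M).

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_auth_records PREFIX KEY ADDR...: print one command per address, all
# with the same key. Fails before printing anything if an address is
# invalid or repeated, or if the key is empty or contains space or a quote.
gen_auth_records() {
    [ "$#" -ge 3 ] || { echo "usage: PREFIX KEY ADDR..." >&2; return 1; }
    prefix=$1; key=$2
    shift 2
    case "$key" in
        ""|*[[:space:]]*|*\'*) echo "unusable key" >&2; return 1 ;;
    esac
    seen=" "
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        case "$seen" in
            *" $addr "*) echo "duplicate address: $addr" >&2; return 1 ;;
        esac
        seen="$seen$addr "
    done
    n=1
    for addr in "$@"; do
        echo "ipsec_config add auth ${prefix}_$n -remote $addr -preshared '$key'"
        n=$((n + 1))
    done
}

# Constructed sample: a remote system with two addresses (documentation range).
gen_auth_records remote_a 'Constructed-Key-0001' 192.0.2.10 192.0.2.11
```

The output contains the key in clear text, so write it only to a file that root alone can read and remove the file once the commands have been run.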
Configuring IKE ID Information with Preshared Keys
Authentication records can also include IKE ID information. You do not
have to configure IKE ID information if your topology meets the
following requirements:
• you are using preshared keys
• the remote system is an HP-UX IPSec system, or a system that uses
  IP addresses as IKE IDs
If your topology does not meet the above requirements, you must
configure IKE ID information. Refer to the ipsec_config (1M) manpage
for more information on configuring IKE ID information. Chapter 4,
“Configuring Authentication Records with IKE IDs” on page 134 also
contains information on configuring IKE ID information.
As part of the ISAKMP/MM SA negotiation, the IKE peers exchange and
verify ID types and ID values. During an ISAKMP/MM negotiation,
HP-UX IPSec uses the remote system address to search for an