HP-UX IPSec version A.02.00 manpages

ipsec_config(1M) ipsec_config(1M)
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in both
addresses must match. Use a value less than 128 to specify a subnet address filter.
The following table shows the range and default for IPv4 and IPv6 addresses. The
defaults apply to non-zero addresses.
Type    Range      Default
IPv4    0 - 32     32 (0 if address is all-zeros)
IPv6    0 - 128    128 (0 if address is all-zeros)
The default is 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
-pri[ority] priority_number
Specifies the priority value HP-UX IPSec will use when selecting an IKE policy (a lower priority value has a higher priority). The priority must be unique for each IKE policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set to the current highest priority value (lowest priority) in the configuration data base, incremented by the automatic priority increment value (priority) for IKE policies specified in the IKEPolicy-Defaults section of the profile file (this policy will be the last policy). The default automatic priority increment value (priority) is 10 in /var/adm/ipsec/.ipsec_profile.
If this is the first IKE policy created, ipsec_config uses the automatic priority increment value as the priority.
-auth[entication] PSK|RSASIG
Specifies the primary authentication method HP-UX IPSec will use when establishing the
ISAKMP/MM SA. This must match the method configured on the remote system.
Acceptable values:
PSK       preshared key
RSASIG    RSA signature using security certificates
If you specify PSK, you must configure a preshared key using the ipsec_config add auth command. If you specify RSASIG, you must use security certificates. Refer to the HP-UX IPSec product manual for information on using security certificates with HP-UX IPSec.
Default: The value of the authentication parameter in the IKE-Defaults section of the profile file used. The default authentication parameter value is PSK in /var/adm/ipsec/.ipsec_profile.
-group 1|2
The Oakley Group (sometimes referred to as the Diffie-Hellman group) used to select initial
Diffie-Hellman values. This must match the Oakley Group configured on the remote system.
Acceptable values: 1 (MODP, 768-bit exponent) or 2 (1024-bit exponent).
Default: The value of the -group parameter in the IKE-Defaults section of the profile file used. The default -group parameter value is 2 in /var/adm/ipsec/.ipsec_profile.
-hash MD5|SHA
Specifies the hash algorithm for authenticating IKE messages. This must match the hash algorithm configured on the remote system.
Acceptable values:
MD5     128-bit key Hashed Message Authentication Code using RSA Message Digest-5, HMAC-MD5
SHA1    160-bit key HMAC using Secure Hash Algorithm-1, HMAC-SHA1
Default: The value of the hash parameter in the IKE-Defaults section of the profile file used. The default hash parameter value is MD5 in /var/adm/ipsec/.ipsec_profile.
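The following is an added example, not part of the HP-UX IPSec manpage or product: a Python model of the default rules described above (prefix length, automatic priority, and the -auth, -group and -hash defaults), used to check before deployment that the parameters which must match on both peers actually do. The function names and the sample policies are hypothetical; the script does not call ipsec_config and assumes the shipped profile values quoted in this section.

```python
import ipaddress

# Defaults of /var/adm/ipsec/.ipsec_profile as stated in this manpage section.
PROFILE_DEFAULTS = {"auth": "PSK", "group": 2, "hash": "MD5"}
PRIORITY_INCREMENT = 10
MUST_MATCH = ("auth", "group", "hash")  # must be identical on the remote system


def default_prefix(ip_addr):
    """Prefix length used when none is given: 0 for all-zeros, else full length."""
    addr = ipaddress.ip_address(ip_addr)
    return 0 if int(addr) == 0 else addr.max_prefixlen


def next_priority(existing, increment=PRIORITY_INCREMENT):
    """Automatic priority: highest existing value plus increment, or the increment if first."""
    return max(existing) + increment if existing else increment


def resolve_policy(opts, existing_priorities):
    """Fill unspecified IKE policy parameters with the documented defaults."""
    policy = dict(PROFILE_DEFAULTS)
    policy.update({k: v for k, v in opts.items() if k in PROFILE_DEFAULTS})
    prio = opts.get("priority")
    if prio is None:
        prio = next_priority(existing_priorities)
    if not 1 <= prio <= 2147483647:
        raise ValueError("priority out of range 1 - 2147483647")
    if prio in existing_priorities:
        raise ValueError("priority must be unique for each IKE policy")
    policy["priority"] = prio
    return policy


def mismatches(local, remote):
    """Parameters that must be identical on both peers but are not."""
    return [k for k in MUST_MATCH if local[k] != remote[k]]


if __name__ == "__main__":
    # Constructed sample: local side relies on defaults, remote side was set explicitly.
    local = resolve_policy({}, existing_priorities=[10, 20])
    remote = resolve_policy({"auth": "RSASIG", "group": 1}, existing_priorities=[])
    print("local :", local)
    print("remote:", remote)
    print("mismatched parameters:", mismatches(local, remote))
```

A non-empty result from mismatches() means the two policies disagree on a parameter that this section says must match the remote system.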
22 Hewlett-Packard Company 18 HP-UX IPSec A.02.00