HP-UX IPSec version A.02.00 manpages
ipsec_config(1M) ipsec_config(1M)
ESP_DES_HMAC_SHA1
(ESP DES, authenticated with HMAC-SHA1.)
ESP_3DES
(ESP with triple-DES CBC, three encryption iterations, each with a
different 56-bit key, 3DES-CBC.)
ESP_3DES_HMAC_MD5
(ESP 3DES, authenticated with HMAC-MD5.)
ESP_3DES_HMAC_SHA1
(ESP 3DES, authenticated with HMAC-SHA1.)
ESP_AES128
(ESP with 128-bit Advanced Encryption Standard CBC.)
ESP_AES128_HMAC_MD5
(ESP AES128, authenticated with HMAC-MD5.)
ESP_AES128_HMAC_SHA1
(ESP AES128, authenticated with HMAC-SHA1.)
ESP_NULL_HMAC_MD5
(ESP, with null encryption and authenticated with HMAC-MD5.)
ESP_NULL_HMAC_SHA1
(ESP, with null encryption and authenticated with HMAC-SHA1.)
AES128 is the most secure form of encryption, with performance comparable to or
better than DES and 3DES. For added security, use AES128 in an authenticated ESP
transform, such as ESP_AES128_HMAC_SHA1.
lifetime_seconds
The maximum lifetime for the IPSec SA, in seconds. A transform lifetime can be
specified by time (seconds), and by kilobytes transmitted or received. HP-UX IPSec
considers the lifetime to be exceeded if either value is exceeded. HP recommends
that you do not specify an infinite value for lifetime_seconds (0) with a finite value
for lifetime_kbytes.
This parameter is not valid for manual keys.
Acceptable values: 0 (infinite), or 300 - 4294967294 seconds (approximately
497102 days).
Default: 28,800 (8 hours).
lifetime_kbytes
The maximum lifetime for the IPSec SA, measured by kilobytes transmitted or
received. A transform lifetime can be specified by time (seconds), and by kilobytes
transmitted or received. HP-UX IPSec considers the lifetime to be exceeded if
either value is exceeded.
This parameter is not valid for manual keys.
Acceptable values: 0 (infinite), or 5120 - 4294967294 kilobytes.
Default: 0 (infinite).
Note: HP recommends that you do not specify an infinite value for lifetime_seconds
(0) with a finite value for lifetime_kbytes.
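The lifetime ranges, defaults and recommendations above can be checked before a transform is configured. The following lint is an added example, not part of the HP-UX manpage or of ipsec_config; the function name `lint_transform` and its finding strings are assumptions, and the transform set holds only the names visible in this excerpt.

```python
# Added example: lint for the ESP transform parameters in this section.
# Ranges, defaults and recommendations are the ones stated on this page;
# lint_transform() and its finding strings are assumptions of the example.
MAX_LIFETIME = 4294967294
# Only the transform names visible in this excerpt of the manpage.
ESP_TRANSFORMS = {
    "ESP_DES_HMAC_SHA1", "ESP_3DES", "ESP_3DES_HMAC_MD5",
    "ESP_3DES_HMAC_SHA1", "ESP_AES128", "ESP_AES128_HMAC_MD5",
    "ESP_AES128_HMAC_SHA1", "ESP_NULL_HMAC_MD5", "ESP_NULL_HMAC_SHA1",
}


def lint_transform(name, lifetime_seconds=None, lifetime_kbytes=None,
                   manual_keys=False):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if name not in ESP_TRANSFORMS:
        findings.append(f"error: {name} is not a transform in this excerpt")
    elif "_HMAC_" not in name:
        findings.append(f"warn: {name} has no authentication; the page "
                        "suggests an authenticated ESP transform")
    elif "_NULL_" in name:
        findings.append(f"info: {name} authenticates but does not encrypt")

    if manual_keys:
        # Both lifetime parameters are "not valid for manual keys".
        if lifetime_seconds is not None or lifetime_kbytes is not None:
            findings.append("error: lifetimes are not valid for manual keys")
        return findings

    # Unspecified values fall back to the documented defaults.
    secs = 28800 if lifetime_seconds is None else lifetime_seconds
    kbytes = 0 if lifetime_kbytes is None else lifetime_kbytes
    if secs != 0 and not 300 <= secs <= MAX_LIFETIME:
        findings.append(f"error: lifetime_seconds {secs} out of range")
    if kbytes != 0 and not 5120 <= kbytes <= MAX_LIFETIME:
        findings.append(f"error: lifetime_kbytes {kbytes} out of range")
    if secs == 0 and kbytes != 0:
        findings.append("warn: infinite lifetime_seconds with finite "
                        "lifetime_kbytes; HP recommends against this")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real configuration.
    for args in [("ESP_AES128_HMAC_SHA1",), ("ESP_3DES", 120),
                 ("ESP_AES128_HMAC_MD5", 0, 10240)]:
        print(args, lint_transform(*args))
```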
-in manual_key_SA_specification [-in manual_key_SA_specification]
-out manual_key_SA_specification [-out manual_key_SA_specification]
Specify the -in manual_key_SA_specification and -out manual_key_SA_specification
arguments to use static, manual keys for the IPSec SAs. If the transform_list contains a nested AH
and ESP transform, you must specify two -in manual_key_SA_specification arguments and
two -out manual_key_SA_specification arguments.
The format of the manual_key_SA_specification is:
type/spi[/auth_key][/enc_key][/vi]
where the values are defined as follows: