HP-UX IPSec version A.02.00 manpages
ipsec_config(1M) ipsec_config(1M)
• one authentication record
The first host IPSec policy, telnetAB, secures outbound telnet connections (Apple is the telnet client). You
do not need to specify the source argument, since it will default to any IP address and any port, and the
telnet client port number is dynamically allocated. The second policy, telnetBA, secures inbound telnet
connections (Apple is the telnet server).
ipsec_config add host telnetAB -destination 10.2.2.2/32/TELNET \
-priority 20 -action ESP_AES128_HMAC_SHA1
ipsec_config add host telnetBA -source 10.1.1.1/32/TELNET \
-destination 10.2.2.2 \
-priority 30 -action ESP_AES128_HMAC_SHA1
The IKE policy specifies that IKE uses preshared key authentication to
10.2.2.2
(Banana):
ipsec_config add ike banana -remote 10.2.2.2 -authentication psk
The authentication record specifies the preshared key value used with
10.2.2.2 (Banana):
ipsec_config add auth banana -remote 10.2.2.2 \
-preshared apple_banana_key
The configuration on Banana is the mirror image of the configuration on Apple:
ipsec_config add host telnetAB -source 10.2.2.2/32/TELNET \
-destination 10.1.1.1 \
-priority 20 -action ESP_AES128_HMAC_SHA1
ipsec_config add host telnetBA -destination 10.1.1.1/32/TELNET \
-priority 30 -action ESP_AES128_HMAC_SHA1
ipsec_config add ike apple -remote 10.1.1.1 -authentication psk
ipsec_config add auth apple -remote 10.1.1.1 \
-preshared apple_banana_key
FILES
/var/adm/ipsec/config.db
configuration database.
/var/adm/ipsec/.ipsec_profile
default
ipsec_config profile file.
SEE ALSO
ipsec_admin(1M), ipsec_migrate(1M), ipsec_mg
r(1M), ipsec_policy(1M), ipsec_report(1M).
34 Hewlett-Packard Company − 30 − HP-UX IPSec A.02.00