HP-UX IPSec version A.02.00 manpages

ipsec_config(1M) ipsec_config(1M)
The following table shows the range and default for IPv4 and IPv6 addresses. The
defaults apply to non-zero addresses.
Type    Range      Default
IPv4    0 - 32     32 (0 for all-zero addresses)
IPv6    0 - 128    128 (0 for all-zero addresses)
The default prefix is zero (0) if the address is all zeros.
Warning: Specifying a subnet address filter and a preshared key allows you to
configure a single preshared key for an entire subnet. However, HP strongly
recommends that you configure an individual authentication record for each remote
system with a unique preshared key.
-ltype local_id_type
Specifies the ID type the local system sends to the remote system when negotiating an
ISAKMP/Main Mode Security Association (ISAKMP/MM SA). This must match what is
configured on the remote system.
Acceptable values:
IPV4 (IPv4 address)
IPV6 (IPv6 address)
If you are using preshared keys for IKE authentication, the local ID type must be
IPV4 or IPV6. If you are using security certificates and RSA signatures (RSASIG)
for IKE authentication, the local ID type must be IPV4.
Default: IPV4, if the IKE daemon uses an IPv4 interface to communicate with the
remote system, or IPV6, if the IKE daemon uses an IPv6 interface to communicate
with the remote system.
-lid local_id
Specifies the local ID value, in the format specified by local_id_type.
For the specified local_id_type, the value of the local_id follows:
IPV4
An IPv4 address in dotted-decimal notation. If you are using security
certificates and RSA signatures (RSASIG) for IKE authentication, this must
match the IPv4 address in the SubjectAlternativeName of the certificate for
the local system.
IPV6
An IPv6 address in colon-hexadecimal notation.
Default: If local_id_type and local_id are not specified, HP-UX uses the IPv4 or IPv6 address
of the interface the IKE daemon uses to communicate with the remote system.
-rtype remote_id_type
Specifies the ID type used to verify the ID type sent by the remote system when negotiating an
ISAKMP/Main Mode Security Association (ISAKMP/MM SA). This value must match what is
configured on the remote system.
Acceptable values:
IPV4 (IPv4 address)
IPV6 (IPv6 address)
FQDN (Fully Qualified Domain Name, also known as Domain Name Server or DNS name)
USER-FQDN (User-Fully Qualified Domain Name in SMTP format)
X500-DN (X.500 Subject Distinguished Name or DN; encoded using OSI Abstract Syntax
Notation One Distinguished Encoding Rules, ASN.1 DER).
Default: IPV4, if the IKE daemon receives the IKE negotiation packets from an IPv4
interface, or IPV6, if the IKE daemon receives the IKE negotiation packets from an
IPv6 interface.
-rid remote_id
Specifies the remote ID value, in the format specified by remote_id_type. This must match
what is configured on the remote system.
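
Added example (not part of the HP-UX manpage and not HP code): a pre-flight check that applies the rules stated above to a planned authentication record before it is entered with ipsec_config. The function names, the addr/prefix input form and the PSK label are assumptions of this example; RSASIG and the ID type names are taken from the text.

```python
import ipaddress

LOCAL_ID_TYPES = {"IPV4", "IPV6"}                                    # -ltype values
REMOTE_ID_TYPES = LOCAL_ID_TYPES | {"FQDN", "USER-FQDN", "X500-DN"}  # -rtype values

def default_prefix(addr):
    """Prefix used when none is given: full length, or 0 for an all-zero address."""
    ip = ipaddress.ip_address(addr)
    return 0 if int(ip) == 0 else ip.max_prefixlen

def lint_auth_record(remote, auth, ltype=None, lid=None, rtype=None):
    """Check one planned record and return a list of findings (empty if clean).
    'remote' is addr[/prefix]; 'auth' is "PSK" (this example's label) or "RSASIG"."""
    findings = []
    addr, _, prefix = remote.partition("/")
    ip = ipaddress.ip_address(addr)
    plen = int(prefix) if prefix else default_prefix(addr)
    if not 0 <= plen <= ip.max_prefixlen:
        findings.append(f"prefix {plen} outside 0-{ip.max_prefixlen}")
    elif auth == "PSK" and plen < ip.max_prefixlen:
        # The situation the Warning describes: a subnet filter with a preshared key.
        findings.append("one preshared key covers a whole subnet")
    if ltype is not None:
        if ltype not in LOCAL_ID_TYPES:
            findings.append(f"local ID type {ltype} not accepted")
        elif auth == "RSASIG" and ltype != "IPV4":
            findings.append("RSASIG requires local ID type IPV4")
        elif lid is not None:
            # local_id must be an address of the family named by local_id_type.
            want = 4 if ltype == "IPV4" else 6
            try:
                ok = ipaddress.ip_address(lid).version == want
            except ValueError:
                ok = False
            if not ok:
                findings.append(f"local ID {lid} is not a valid {ltype} address")
    if rtype is not None and rtype not in REMOTE_ID_TYPES:
        findings.append(f"remote ID type {rtype} not accepted")
    return findings

if __name__ == "__main__":
    # Constructed sample records using documentation address ranges.
    for args in [("192.0.2.0/24", "PSK"),
                 ("192.0.2.7", "PSK", "IPV4", "192.0.2.1"),
                 ("2001:db8::7", "RSASIG", "IPV6", "2001:db8::1")]:
        print(args, "->", lint_auth_record(*args) or "ok")
```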
HP-UX IPSec A.02.00 3 Hewlett-Packard Company 7