HP-UX IPSec version A.02.00 manpages
ipsec_config(1M) ipsec_config(1M)
For remote_id_type, the value of the remote_id follows:
IPV4
An IPv4 address in dotted-decimal notation. If you are using security certificates
and RSA signatures (RSASIG) for IKE authentication, this must match the IPv4
address in the SubjectAlternativeName of the remote system’s certificate.
IPV6
An IPv6 address in colon-hexadecimal notation.
FQDN
A Fully Qualified Domain Name, also known as Domain Name Server or DNS
name, such as myhost.hp.com. If you are using security certificates and RSA
signatures (RSASIG) for IKE authentication, this must match the subject of the
remote system’s certificate.
USER-FQDN
A User-Fully Qualified Domain Name in SMTP format, such as
user@myhost.hp.com. If you are using security certificates and RSA signatures
(RSASIG) for IKE authentication, this must match the subject of the remote
system’s certificate.
X500-DN
An X.500 Subject Distinguished Name (DN), encoded using OSI ASN.1 DER, such
as CN=myhost,C=us,O=hp,OU=div.
If you are using security certificates and RSA signatures (RSASIG) for IKE
authentication, this must match the Subject distinguishedName (Subject DN) of the
remote system’s certificate.
The format for the DN is:
CN=commonName,O=organization,C=country[,OU=organizationalUnit]
where the values are defined as follows:
commonName
The commonName of the DN in printable string format. The maximum length is 64
characters.
organization
The organization of the DN, for example Hewlett-Packard. The maximum
length is 64 characters.
country
The two-character ISO 3166-1 code for the country in the DN, for example
US for United States of America. The maximum length is 64 characters.
organizationalUnit
organizationalUnit for the DN, for example Marketing. The maximum length is
64 characters.
Default: If remote_id_type and remote_id are not specified, HP-UX IPSec uses the IPv4 or
IPv6 source address of the IKE negotiation packets received from the remote system.
-preshared|psk preshared_key
Specifies the preshared key used for IKE authentication. You must configure a preshared key
if you specified preshared key as the authentication type (-authentication PSK) in the
IKE policy for the remote system. This must match the preshared key configured on the
remote system.
Acceptable values: A text string, containing 1 - 128 ASCII characters. (Whitespace is not
allowed.) If you include shell special characters, you must quote them if you are running
ipsec_config from the command line. For example, "Hello*".
Examples
Configure an authentication record for preshared key authentication for remote system 10.2.2.2,
which is an HP-UX IPSec system with only one address (a non-multihomed system).
ipsec_config add auth -remote 10.2.2.2 \
-preshared my_hostA_hostB_key
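
The following is an added example, not part of the manpage or of HP-UX IPSec: shell functions that check a preshared key and an X500-DN against the rules stated above before the values are passed to ipsec_config, and that quote the key for the command line. The function names are hypothetical; rejecting control characters in the key and embedded commas in DN values are assumptions.

```shell
# Added example (not from the manpage): pre-flight checks for values used in
# ipsec_config auth records. All function names are hypothetical.
LC_ALL=C; export LC_ALL

# valid_psk KEY -> 0 if KEY is 1-128 ASCII characters with no whitespace.
# Assumption: control characters are rejected too (printable 0x21-0x7E only).
valid_psk() {
    [ -n "$1" ] || return 1
    # Bytes left after deleting every allowed character must number zero.
    left=$(printf '%s' "$1" | tr -d '!-~' | wc -c)
    [ "$left" -eq 0 ] && [ "${#1}" -le 128 ]
}

# sh_quote STR -> STR in single quotes, so characters such as * stay literal.
sh_quote() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# valid_dn DN -> 0 if DN has CN, O and C (OU optional), each value 1-64
# characters and C a two-letter code. Attribute order is not enforced,
# because the manpage's own sample DN lists C before O.
# Assumption: values contain no embedded commas.
valid_dn() {
    cn= o= c= ou=
    case $1 in *,) return 1 ;; esac          # reject a trailing comma
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f                # split on commas, no globbing
    IFS=$old_ifs
    for rdn in "$@"; do
        case $rdn in *=*) ;; *) return 1 ;; esac
        val=${rdn#*=}
        [ -n "$val" ] && [ "${#val}" -le 64 ] || return 1
        case ${rdn%%=*} in
            CN) [ -z "$cn" ] || return 1; cn=$val ;;
            O)  [ -z "$o" ]  || return 1; o=$val ;;
            C)  [ -z "$c" ]  || return 1; c=$val ;;
            OU) [ -z "$ou" ] || return 1; ou=$val ;;
            *)  return 1 ;;                  # attribute not in the format
        esac
    done
    [ -n "$cn" ] && [ -n "$o" ] || return 1
    case $c in [A-Za-z][A-Za-z]) return 0 ;; *) return 1 ;; esac
}
```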