HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Configuration Overview
There are seven main configuration components:
Host IPsec Policies
Host IPsec policies specify HP-UX IPSec behavior for IP packets sent
or received by the local system as an end host. A host IPsec policy
contains address specifications used to select the host IPsec policy for
a packet. A host IPsec policy also specifies the HP-UX IPSec behavior
(action) for packets using the policy: pass the packets in clear text,
discard the packets, or apply an IPsec transform (AH or ESP) to the
packets.
Tunnel IPsec Policies
Tunnel IPsec policies specify the behavior for tunnel endpoints. If the
local system is an end host in an end-to-end tunnel (host-to-host
tunnel) topology, or the end host in a host-to-gateway tunnel
topology, you must configure tunnel IPsec policies. If the local system
is only an end host with no IPsec tunneling, do not configure tunnel
IPsec policies.
IKE Policies
An IKE policy defines the parameters used when negotiating an IKE
Security Association (SA). IPsec uses IKE SAs to negotiate IPsec
SAs; an IKE SA must exist with a remote system before IPsec can
negotiate IPsec SAs.
IKE Authentication Records
IKE authentication records contain information that IKE uses to
authenticate identities with the remote system, including local and
remote ID values, exchange mode, and preshared keys, if preshared
keys are used. You must configure IKE authentication records if you
use preshared keys for IKE authentication.
Security Certificates
You can use security certificates with RSA signatures for IKE
authentication (also referred to as primary authentication) instead of
preshared keys.
Bypass List