HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Configuration Overview
Chapter 4, page 100
The bypass list specifies the local IP addresses that IPsec will bypass
or ignore. The system will not attempt to find an IPsec policy for
packets sent or received using an IP address in the bypass list, and
will process these packets as if HP-UX IPSec was not enabled.
The bypass list improves transmission rates for addresses in the
bypass list and is useful in topologies where most of the network
traffic passes in clear text and only specific traffic must be secured by
IPsec.
Start-up options
The start-up options allow you to configure HP-UX IPSec to start
automatically at system boot-up time and to specify general
operating parameters.
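The following is an added example, not taken from the HP guide: it audits a bypass list against host policies to find secure policies that can never apply, because packets on a bypassed local address skip policy lookup. The dictionary fields, policy names, the `no-match` result, and the addresses are constructed for illustration and are not HP-UX IPSec configuration syntax.

```python
import ipaddress

# Constructed sample data. The dictionary fields are hypothetical and are
# not HP-UX IPSec configuration syntax.
BYPASS_LIST = ["192.0.2.10", "2001:db8::10"]
HOST_POLICIES = [
    {"name": "telnet_esp", "local": "192.0.2.10/32", "action": "secure"},
    {"name": "lan_esp", "local": "192.0.2.0/24", "action": "secure"},
    {"name": "backup_esp", "local": "198.51.100.7/32", "action": "secure"},
    {"name": "v6_pass", "local": "2001:db8::/64", "action": "pass"},
]


def shadowed_policies(bypass_list, policies):
    """Return (address, policy, scope) for secure policies a bypass entry overrides.

    Packets that use a local address in the bypass list are processed as if
    IPsec were not enabled, so no policy lookup happens for that address.
    """
    findings = []
    for entry in bypass_list:
        addr = ipaddress.ip_address(entry)
        for policy in policies:
            net = ipaddress.ip_network(policy["local"], strict=False)
            if policy["action"] != "secure" or net.version != addr.version:
                continue
            if addr in net:
                # "full": the policy selects only the bypassed address.
                scope = "full" if net.num_addresses == 1 else "partial"
                findings.append((str(addr), policy["name"], scope))
    return findings


def effective_handling(local_addr, bypass_list, policies):
    """Model the order of checks: bypass list first, then policy lookup."""
    addr = ipaddress.ip_address(local_addr)
    if any(addr == ipaddress.ip_address(b) for b in bypass_list):
        return "bypass"
    for policy in policies:
        net = ipaddress.ip_network(policy["local"], strict=False)
        if net.version == addr.version and addr in net:
            return policy["action"]
    return "no-match"  # assumption: what happens next is outside this model
```

A `full` finding means the policy is dead configuration; a `partial` finding means one address inside the policy's range sends and receives clear text while the rest of the range is secured.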
HP-UX IPSec also supports gateway IPsec policies when used with
HP-UX Mobile IPv6. See “HP-UX IPSec and HP-UX Mobile IPv6” on
page 277 for more information on using gateway IPsec policies.
Although you can configure the above components in any order, HP
recommends that you use the following procedure to configure IPsec:
Step 1. Configure host IPsec policies.
See “Step 1: Configuring Host IPsec Policies” on page 102 for a
description of this step.
Step 2. Configure tunnel IPsec policies.
See “Step 2: Configuring Tunnel IPsec Policies” on page 115 for a
description of this step. Skip this step if the local system is not a tunnel
endpoint.
Step 3. Configure IKE policies.
See “Step 3: Configuring IKE Policies” on page 123 for a description of
this step. Skip this step if the local system uses only manual keys for
IPsec.
Step 4. Configure IKE preshared keys using authentication records.
See “Step 4: Configuring Preshared Keys Using Authentication Records”
on page 129 for a description of this step. Skip this step if the local
system uses only manual keys for IPsec.
Step 5. Configure security certificates and ID information, if you are using RSA
signatures for IKE authentication.