HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Use a comma to separate multiple transform specifications.
The order of transforms in the transform list is significant. The first
transform is the most preferable and the last transform is the least
preferable. At least one transform must match a transform configured on
the remote system.
The format for each transform is:
transform_name[/lifetime_seconds[/lifetime_kbytes]]
Where:
transform_name
The transform_name is one of the following AH (Authentication Header)
or ESP (Encapsulation Security Payload) transform specifications, or a
nested AH and ESP transform formed by joining an AH transform and
an ESP transform with a plus sign (+). For example,
AH_MD5+ESP_3DES_HMAC_SHA1.
TIP AES128 is the most secure form of encryption, with performance
comparable to or better than DES and 3DES.
Table 4-2 ipsec_config Transforms

Transform Name          Description
AH_MD5                  AH, with 128-bit key Hashed Message
                        Authentication Code using RSA Message
                        Digest-5, HMAC-MD5.
AH_SHA1                 AH, with 160-bit key HMAC using Secure
                        Hash Algorithm-1, HMAC-SHA1.
ESP_AES128_HMAC_MD5     ESP with 128-bit Advanced Encryption
                        Standard (AES128) CBC, authenticated
                        with HMAC-MD5.
ESP_AES128_HMAC_SHA1    ESP with 128-bit Advanced Encryption
                        Standard (AES128) CBC, authenticated
                        with HMAC-SHA1.
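
The following is an added example, not part of the HP guide or of ipsec_config: a Python sketch that parses a transform list in the format described above and reports the most-preferred local transform that also appears in a remote list. The function names, the sample lists, the AH-before-ESP ordering rule and the match-by-name comparison are assumptions made for illustration; the actual selection is performed by the IPsec negotiation itself.

```python
import re

# Names that appear on this page: Table 4-2 as excerpted, plus the ESP
# transform from the page's nested example. The full table may list more.
KNOWN = {"AH_MD5", "AH_SHA1", "ESP_AES128_HMAC_MD5",
         "ESP_AES128_HMAC_SHA1", "ESP_3DES_HMAC_SHA1"}

def parse_transform(spec):
    """Parse transform_name[/lifetime_seconds[/lifetime_kbytes]]."""
    fields = spec.strip().split("/")
    if len(fields) > 3:
        raise ValueError(f"too many '/' fields: {spec!r}")
    name, parts = fields[0], fields[0].split("+")
    if any(p not in KNOWN for p in parts):
        raise ValueError(f"unknown transform name in {spec!r}")
    # Assumption: a nested transform is exactly one AH then one ESP,
    # in the order of the page's example.
    if len(parts) > 2 or (len(parts) == 2 and not
            (parts[0].startswith("AH_") and parts[1].startswith("ESP_"))):
        raise ValueError(f"nested transform must be AH+ESP: {spec!r}")
    # Nested brackets in the format mean kbytes cannot appear without seconds,
    # so an empty field ("AH_MD5//100") is rejected here.
    lifetimes = []
    for f in fields[1:]:
        if not re.fullmatch(r"[0-9]+", f):
            raise ValueError(f"lifetime must be a decimal integer: {spec!r}")
        lifetimes.append(int(f))
    lifetimes += [None] * (2 - len(lifetimes))
    return {"name": name, "lifetime_seconds": lifetimes[0],
            "lifetime_kbytes": lifetimes[1]}

def parse_transform_list(text):
    """Split on commas; list order is preference order (first = most preferred)."""
    return [parse_transform(s) for s in text.split(",")]

def first_common(local_text, remote_text):
    """Most-preferred local transform that the remote list also contains, or None."""
    remote = {t["name"] for t in parse_transform_list(remote_text)}
    for t in parse_transform_list(local_text):
        if t["name"] in remote:
            return t["name"]
    return None

# Constructed sample lists, not taken from any real configuration.
LOCAL = "ESP_AES128_HMAC_SHA1/28800, AH_MD5+ESP_3DES_HMAC_SHA1/3600/10000, AH_SHA1"
REMOTE = "AH_SHA1, AH_MD5+ESP_3DES_HMAC_SHA1"

if __name__ == "__main__":
    for t in parse_transform_list(LOCAL):
        print(t)
    print("first common:", first_common(LOCAL, REMOTE))
```

A return value of None from first_common means the two lists share no transform name, which is the mismatch the guide warns about.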