HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Step 1: Configuring Host IPsec Policies
Default: 0 (infinite).
CAUTION: HP recommends that you do not specify an infinite value for lifetime_seconds (0) with a finite value for lifetime_kbytes.
-flags flags
The flags are additional options for this policy. Join multiple flags with a plus sign (+).
Table 4-3 ipsec_config add host Flags

Flag      Description
AUTOCONF  Specifies that this IPsec policy is used for clients that use stateless or stateful address autoconfiguration, such as DHCP and DHCPv6 clients. To use HP-UX IPSec with autoconfiguration clients, you must also configure the following items:
          - An IKE policy with a remote address and prefix that matches the autoconfiguration address pool. The IKE authentication method can be RSA signatures (-auth RSASIG) or preshared keys (-auth PKEY).
          - An authentication record that specifies Aggressive Mode for the exchange mode (-exchange AM) and specifies remote ID information (-rtype and -rid arguments). You can configure one authentication record for multiple autoconfiguration clients that use a common preshared key. However, HP strongly recommends that you configure an individual authentication record for each remote system with a unique preshared key.
          The local system cannot be the initiator in IKE Phase 1 negotiations with autoconfiguration clients.
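The following check is an added example, not part of the HP guide or of HP-UX IPSec: it reviews a batch of authentication records intended for autoconfiguration clients against the AUTOCONF requirements above (Aggressive Mode, remote ID information, and a unique preshared key per remote system). The -exchange AM, -rtype and -rid arguments come from this page; the -remote and -preshared arguments, the FQDN ID type, the one-record-per-line layout, and all record names, addresses and keys are assumptions constructed for the example.

```python
import shlex
from collections import defaultdict

# Constructed sample: auth records meant for autoconfiguration clients.
# -exchange AM, -rtype and -rid come from the page; the -remote and -preshared
# arguments, the FQDN ID type, and all names and keys are assumptions.
SAMPLE = """\
ipsec_config add auth dhcp_a -remote 192.0.2.0/24 -preshared KeyOne -exchange AM -rtype FQDN -rid a.example.com
ipsec_config add auth dhcp_b -remote 192.0.2.0/24 -preshared KeyOne -exchange AM -rtype FQDN -rid b.example.com
ipsec_config add auth dhcp_c -remote 192.0.2.0/24 -preshared KeyThree -exchange MM
"""

def parse_auth(line):
    """Return (record_name, {option: value}) for an 'add auth' line, else None."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 4 or tok[:3] != ["ipsec_config", "add", "auth"]:
        return None
    opts, rest, i = {}, tok[4:], 0
    while i < len(rest):
        if rest[i].startswith("-") and i + 1 < len(rest):
            opts[rest[i]] = rest[i + 1]   # every option is assumed to take one value
            i += 2
        else:
            i += 1
    return tok[3], opts

def lint_auth_records(text):
    """Check each record against the AUTOCONF requirements in Table 4-3."""
    findings, by_key = [], defaultdict(list)
    for line in text.splitlines():
        rec = parse_auth(line)
        if rec is None:
            continue
        name, opts = rec
        if opts.get("-exchange") != "AM":
            findings.append((name, "NOT_AM"))           # must be Aggressive Mode
        if "-rtype" not in opts or "-rid" not in opts:
            findings.append((name, "NO_REMOTE_ID"))     # remote ID is required
        if "-preshared" in opts:
            by_key[opts["-preshared"]].append(name)     # key value is never reported
    for names in by_key.values():
        if len(names) > 1:                              # HP recommends unique keys
            findings.extend((n, "SHARED_KEY") for n in names)
    return findings

if __name__ == "__main__":
    for name, code in lint_auth_records(SAMPLE):
        print(f"{name}: {code}")
```

The check reports record names only, so its output can be stored or shared without exposing key material.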