HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 2: Configuring Tunnel IPsec Policies
Chapter 4 121
ESP transform formed by joining an AH transform and an ESP
transform with a plus sign (+). For example,
AH_MD5+ESP_3DES_HMAC_SHA1.
TIP AES128 is the most secure form of encryption, with performance
comparable to or better than DES and 3DES.
Default: The transform defined for the action parameter in the
TunnelPolicy-Defaults section of the profile file used. The default action
is ESP_AES128_HMAC_SHA1.
lifetime_seconds
The
lifetime_seconds
is the maximum lifetime for the IPsec SA, in
seconds. A transform lifetime can be specified by time (seconds), and by
kilobytes transmitted or received. HP-UX IPSec considers the lifetime to
be exceeded if either value is exceeded.
Range: 0 (infinite), or 600 - 4294967294 seconds (approximately 497102
days).
Default: 28,800 (8 hours).
lifetime_kbytes
The
lifetime_kbytes
is the maximum lifetime for the IPsec SA,
measured by kilobytes transmitted or received. A transform lifetime can
be specified by time (seconds), and by kilobytes transmitted or received.
HP-UX IPSec considers the lifetime to be exceeded if either value is
exceeded.
Range: 0 (infinite), or 5120 - 4294967294 kilobytes.
Default: 0 (infinite).
CAUTION HP recommends that you do not specify an infinite value for
lifetime_seconds
(0) with a finite value for
lifetime_kbytes
.