HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 3: Configuring IKE Policies
Chapter 4124
policy. The automatic priority increment value for IKE policies is the
priority parameter value in the IKEPolicy-Defaults section of the
profile file, and the default value is 10.
If you are configuring the first IKE IPsec policy and do not specify a
priority argument, ipsec_config assigns the automatic priority
increment value as the priority.
ipsec_config add ike Syntax
You can use the following ipsec_config add ike syntax in most
installations:
ipsec_config add ike
ike_policy_name
-remote
ip_addr
[/
prefix
] [-priority
priority_number
]
[-authentication PSK|RSASIG]
[-hash MD5|SHA1] [-encryption DES|3DES]
[-life
lifetime_seconds
] [-maxqm|mq
max_quick_modes
]
HP recommends that you use an ipsec_config batch file to configure
HP-UX IPSec. To specify an add ike operation for an ipsec_config
batch file, use the above syntax without the ipsec_config command
name:
add ike
ike_policy_name
-remote
ip_addr
[/
prefix
] [-priority
priority_number
]
[-authentication PSK|RSASIG]
[-hash MD5|SHA1] [-encryption DES|3DES]
[-life
lifetime_seconds
] [-maxqm|mq
max_quick_modes
]
The complete ipsec_config add ike syntax specification also allows
you to specify the following arguments:
• nocommit (verify the syntax but do not commit the information to the
database)
• profile (alternate profile file)
Refer to the ipsec_config_add (1M) manpage for complete syntax
information.
ike_policy_name
The
ike_policy_name
is the user-defined name for the IKE policy. This
name must be unique for each IKE policy and is case-sensitive.