HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 3: Configuring IKE Policies
Chapter 4126
-priority
priority_number
The
priority_number
is the priority value HP-UX IPSec uses when
selecting an IKE policy (a lower priority value has a higher priority). The
priority must be unique for each IKE policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority
value that is set to the current highest priority value (lowest priority) for
IKE policies in the configuration data base, incremented by the
automatic priority increment value (priority) for IKE policies specified in
the HostPolicy-Defaults section of the profile file (this policy will be the
last policy evaluated before the default policy). The default automatic
priority increment value (priority) is 10.
If this is the first IKE policy created, ipsec_config uses the automatic
priority increment value as the priority.
-authentication
authentication_type
The authentication_type is the primary authentication method HP-UX
IPSec will use when establishing the IKE SA. This must match the
method configured on the remote system.
Acceptable Values:
PSK (preshared key)
RSASIG (RSA signatures using security certificates)
If you specify PSK, you must configure a preshared key using the
ipsec_config add auth command. If you specify RSASIG, you must use
security certificates. See Chapter 5, “Using Certificates with HP-UX
IPSec,” on page 151 for information on using security certificates with
HP-UX IPSec.
Default: The value of the authentication parameter in the
IKE-Defaults section of the profile file used. The default authentication
parameter value is PSK.
-group 1|2
The group argument specifies the Oakley Group (sometimes referred to
as the Diffie-Hellman group) used to select initial Diffie-Hellman values.
This must match the Oakley Group configured on the remote system.
Acceptable Values: