HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 3: Configuring IKE Policies
Chapter 4 127
1 (MODP, 768-bit exponent)
2 (1024-bit exponent)
Default: The value of the group parameter in the IKE-Defaults section
of the profile file used. The default group parameter value is 2.
-hash MD5|SHA1
The hash argument specifies the hash algorithm for authenticating IKE
messages. This must match the hash algorithm configured on the remote
system.
Acceptable Values:
MD5 (128-bit key Hashed Message Authentication Code using RSA
Message Digest-5, HMAC-MD5)
SHA1 (160-bit key HMAC using Secure Hash Algorithm-1,
HMAC-SHA1)
Default: The value of the hash parameter in the IKE-Defaults section of
the profile file used. The default hash parameter value is MD5.
-encryption
encryption_algorithm
The
encryption_algorithm
is
the encryption algorithm for encrypting IKE messages. This must match
the encryption algorithm configured on the remote system.
Acceptable Values:
DES (56-bit Data Encryption Standard, Cipher Block Chaining Mode,
DES-CBC)
3DES (triple-DES CBC, three encryption iterations, each with a
different 56-bit key, 3DES-CBC)
Default: The value of the encryption parameter in the IKE-Defaults
section of the profile file used. The default encryption parameter value
is 3DES.
-life
lifetime_seconds
The
lifetime_seconds
is the maximum lifetime for the IKE SA, in
seconds.
Range: 0 (infinite), or 600 - 4294967294 seconds (approximately 497102
days).
Default: 28,800 (8 hours).