HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
Chapter 4 129
Complete this step only if you configured PSK (preshared keys) as an IKE
authentication method in “Step 3: Configuring IKE Policies” on page 123.
If you configured RSASIG (RSA signatures) as the IKE authentication
method in all IKE policies, skip this step, and go to Chapter 5, “Using
Certificates with HP-UX IPSec,” on page 151.
HP-UX IPSec stores preshared keys in authentication records. You
configure authentication records using the ipsec_config add auth
command.
Remote Multihomed Systems
If a remote system is multihomed (the remote system has multiple IP
addresses), you must configure an authentication record for each IP
address on the remote system. Specify the same preshared key in each
authentication record for the remote system.
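A check for the multihomed rule above, as an added example that is not from the HP guide: it verifies that every address of each remote system has an authentication record and that all records for one system carry the same preshared key. The inventory, the record list and all names, addresses and keys are constructed sample data in a hypothetical format, not ipsec_config output.

```python
import hmac
import ipaddress

# Constructed inventory (assumption): remote system -> all of its IP addresses.
REMOTE_HOSTS = {
    "gw-east": ["192.0.2.10", "198.51.100.10"],
    "gw-west": ["192.0.2.20", "198.51.100.20"],
    "gw-north": ["192.0.2.30", "198.51.100.30"],
}

# Constructed records (assumption): (record name, remote address, preshared key).
AUTH_RECORDS = [
    ("east_a", "192.0.2.10", "constructed-key-east"),
    ("east_b", "198.51.100.10", "constructed-key-east"),
    ("west_a", "192.0.2.20", "constructed-key-west"),
    ("west_b", "198.51.100.20", "constructed-key-WEST"),
    ("north_a", "192.0.2.30", "constructed-key-north"),
]


def audit(hosts, records):
    """Return sorted (host, problem) findings; key values are never reported."""
    # Parse addresses so equivalent textual forms (e.g. IPv6) compare equal.
    by_addr = {ipaddress.ip_address(a): (name, key) for name, a, key in records}
    findings = []
    for host, addrs in hosts.items():
        found = []
        for addr in addrs:
            rec = by_addr.get(ipaddress.ip_address(addr))
            if rec is None:
                findings.append((host, f"no authentication record for {addr}"))
            else:
                found.append(rec)
        # Every record for one remote system must hold the same preshared key.
        for name, key in found[1:]:
            if not hmac.compare_digest(found[0][1].encode(), key.encode()):
                findings.append((host, f"record {name} key differs from record {found[0][0]}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, problem in audit(REMOTE_HOSTS, AUTH_RECORDS):
        print(f"{host}: {problem}")
```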
Configuring Preshared Keys without ID Information
Authentication records can also include IKE ID information. You do not
have to configure IKE ID information if your topology meets the
following requirements:
• You are using preshared keys.
• The remote system uses IP addresses as IKE IDs. HP-UX IPSec
  systems use IP addresses as IKE IDs by default.
• You are using Main Mode (MM) for the IKE negotiations (you are not
  using Aggressive Mode). HP-UX and most vendors use Main Mode by
  default.
If your topology does not meet the above requirements, you must
configure IKE ID information. Refer to the ipsec_config_add (1M)
manpage for more information on configuring IKE ID information. See
“Configuring Preshared Keys with ID Information” on page 132 for
information on configuring IKE ID information.