HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
-remote ip_addr[/prefix]
The ip_addr and prefix are the IP address and network prefix length
that specify the remote system or subnet for this record. Each ip_addr
and prefix combination (the significant bits of ip_addr, as specified
by prefix) must be unique.
If the remote system's IP address matches multiple IP address and prefix
combinations, HP-UX IPSec uses the authentication record with the
most specific address (longest prefix length).
Where:
ip_addr
The ip_addr is the remote IP address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The IP address type (IPv4
or IPv6) must be the same for the source and destination address.
HP-UX IPSec does not support unspecified IPv6 addresses. However, you
can use the double-colon (::) notation within a specified IPv6 address to
denote a number of zeros (0) within an address. The address cannot be a
broadcast, subnet broadcast, multicast, or anycast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits
that must match when comparing the remote IP address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in
both addresses must match. This prefix length is equivalent to an
address mask of 255.255.255.255. Use a value less than 32 to specify a
subnet address filter.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits
in both addresses must match. Use a value less than 128 to specify a
subnet address filter.
WARNING Specifying a subnet address filter and a preshared key allows
you to configure a single preshared key for an entire subnet.
However, HP strongly recommends that you configure an
individual authentication record for each remote system with a
unique preshared key.
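
The following Python sketch is an added example, not HP-UX IPSec code. It models the rules described above for -remote values: address validation, uniqueness of the significant bits, selection of the most specific record, and listing of the subnet records that the WARNING concerns. The record names and addresses are constructed, and treating a value without /prefix as a full-length match is an assumption of the example.

```python
import ipaddress

# Constructed sample records: (hypothetical record name, -remote value).
RECORDS = [
    ("branch_subnet", "192.0.2.0/24"),
    ("branch_gw", "192.0.2.10/32"),
    ("lab_v6", "2001:db8:1::/48"),
    ("lab_host_v6", "2001:db8:1::5/128"),
]

def load_records(records):
    """Validate (name, 'ip_addr[/prefix]') pairs and return {network: name}."""
    table = {}
    for name, remote in records:
        # Assumption: a value with no /prefix parses as /32 (IPv4) or /128 (IPv6).
        iface = ipaddress.ip_interface(remote)
        addr, net = iface.ip, iface.network  # net keeps only the significant bits
        # Subnet broadcast and anycast cannot be detected from the address alone,
        # so only the checks that need no local topology are made here.
        if (addr.version == 6 and addr.is_unspecified) or addr.is_multicast \
                or str(addr) == "255.255.255.255":
            raise ValueError(f"{name}: {addr} is not an acceptable remote address")
        if net in table:
            raise ValueError(f"{name}: significant bits duplicate record {table[net]}")
        table[net] = name
    return table

def select_record(table, remote_ip):
    """Return the name of the most specific (longest prefix) matching record, or None."""
    ip = ipaddress.ip_address(remote_ip)
    matches = [n for n in table if n.version == ip.version and ip in n]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None

def subnet_records(table):
    """Names of records whose single preshared key covers more than one host."""
    return sorted(name for net, name in table.items()
                  if net.prefixlen < net.max_prefixlen)

if __name__ == "__main__":
    table = load_records(RECORDS)
    for peer in ("192.0.2.10", "192.0.2.77", "2001:db8:1:2::9", "198.51.100.1"):
        print(peer, "->", select_record(table, peer))
    print("records sharing a key across a subnet:", subnet_records(table))
```

Running subnet_records over an exported record list gives the set of entries to replace with per-host records and unique preshared keys.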