HP-UX IPSec version A.02.01 Administrator's Guide
Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
Chapter 4
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are
using manual keys, prefix must be 32 if ip_addr is an IPv4 address or
128 if ip_addr is an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a
non-zero IPv6 address, or 0 (match any address) if ip_addr is an
all-zeros address (0.0.0.0 or 0::0).
-preshared preshared_key
The preshared_key is the preshared key used for IKE authentication.
This must match the preshared key configured on the remote system.
Acceptable Values: A text string, containing 1 - 128 ASCII characters.
White spaces are not allowed. You must quote shell special characters if
you are using the command-line interface; do not quote them if you are
using a batch file.
Default: None.
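The following shell functions are an added example, not part of the HP guide. They check a candidate key against the limits above (1 - 128 ASCII characters, no white space), flag keys that would need quoting on the command line, and generate a random key that needs none, so the same string can be entered on the command line and in a batch file. The function names, the SAFE_SET character set, the sample keys and the use of /dev/urandom are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the HP guide. Function names, SAFE_SET and the
# sample keys are constructed for illustration.

# Assumed "safe" set: none of these characters is special to the shell.
SAFE_SET='A-Za-z0-9_.,:/@+'

# psk_valid KEY: succeed if KEY is 1-128 ASCII characters with no white space.
psk_valid() {
    # Delete every allowed byte (0x21-0x7E); anything left over is white
    # space, a control character or non-ASCII. The trailing x preserves
    # newlines that command substitution would otherwise strip.
    pv_rest=$(printf '%s' "$1" | LC_ALL=C tr -d '\041-\176'; echo x)
    [ "$pv_rest" = x ] || return 1
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 128 ]
}

# psk_needs_quoting KEY: succeed if KEY has characters outside SAFE_SET,
# i.e. it must be quoted on the command line but not in a batch file.
psk_needs_quoting() {
    pq_rest=$(printf '%s' "$1" | LC_ALL=C tr -d "$SAFE_SET"; echo x)
    [ "$pq_rest" != x ]
}

# psk_generate [LEN]: print a random LEN-character key (default 32) drawn
# uniformly from SAFE_SET, so it is entered identically in both interfaces.
psk_generate() {
    pg_len=${1:-32}
    { [ "$pg_len" -ge 1 ] && [ "$pg_len" -le 128 ]; } 2>/dev/null || return 1
    # 1024 random bytes leave roughly 270 characters after filtering.
    pg_pool=$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null |
              LC_ALL=C tr -dc "$SAFE_SET")
    [ "${#pg_pool}" -ge "$pg_len" ] || return 1
    printf "%.${pg_len}s" "$pg_pool"
}

# Classify a few constructed keys, then generate one.
for k in 'Zq7_hT.9w/c2' 'pa$$word!' 'two words' ''; do
    if ! psk_valid "$k"; then note='rejected'
    elif psk_needs_quoting "$k"; then note='valid, quote on the command line'
    else note='valid, no quoting needed'
    fi
    printf '%-16s %s\n' "[$k]" "$note"
done
printf 'generated: %s\n' "$(psk_generate 32)"
```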
Configuring Preshared Keys with ID Information
You must configure IKE ID information with preshared keys for the
following topologies:
• The remote system does not use IP addresses as IKE IDs. HP-UX
IPSec systems use IP addresses as IKE IDs by default.
• You are using Aggressive Mode (AM) for the IKE negotiations; you
are not using Main Mode (MM).
As part of the IKE SA negotiation, the IKE peers exchange and verify ID
types and ID values. For preshared key authentication, the
authentication record contains the preshared key value and can also
contain the following IKE ID information:
• local ID type
• local ID value
• remote ID type
• remote ID value
The HP-UX IPSec IKE daemon searches for authentication records as
follows: