HP-UX IPSec version A.02.01 Administrator's Guide

Configuring HP-UX IPSec
Step 4: Configuring Preshared Keys Using Authentication Records
If the remote system is an autoconfiguration client (the AUTOCONF flag is
set in the host IPsec policy) or Mobile IPv6 client (the MIPV6 flag is set in
the host IPsec policy), the exchange type must be AM.
Default: MM (Main Mode).
TIP Most vendors use Main Mode by default. The IKE protocol specification
requires implementations to support Main Mode; support for Aggressive
Mode is optional.
-ltype local_id_type and -lid local_id
The local_id_type and local_id are the local ID type and value the
local system sends to the remote system when negotiating an IKE SA.
These values must match what is configured on the remote system.
You do not have to specify the local ID type and value if the local
system uses IPv4 or IPv6 addresses as the ID type, and the local system
is not multihomed. (HP-UX IPSec uses IPv4 and IPv6 addresses for the ID
type by default.)
Acceptable Values: Table 4-4 lists the valid ID types and
corresponding ID values.
Table 4-4 ID Types and Values

ID Type   ID Value
IPV4      IPv4 address in dotted-decimal notation.
IPV6      IPv6 address in colon-hexadecimal notation.
FQDN      Fully Qualified Domain Name (FQDN), also known as Domain
          Name Server or DNS name, such as myhost.hp.com.
KEY-ID    Key identifier; a character string used to identify the
          preshared key. This is only valid for Aggressive Mode
          negotiations using preshared keys. You must also specify
          -exchange AM and -preshared preshared_key.
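
The following pre-flight check is an added example, not part of the HP guide or of HP-UX IPSec. It applies the rules stated above (AM required for AUTOCONF and MIPV6 clients, KEY-ID valid only with AM and a preshared key, ID value formats for the types shown in Table 4-4) to a proposed set of option values. The function name, its parameters and the simplified FQDN pattern are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified hostname pattern (assumption): dot-separated labels of letters,
# digits and hyphens, with no label starting or ending in a hyphen.
FQDN_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")

def _is_ip(value, version):
    try:
        return ipaddress.ip_address(value).version == version
    except ValueError:
        return False

def check_auth_record(exchange="MM", ltype=None, lid=None, preshared=None,
                      remote_flags=()):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    exchange = exchange.upper()
    if exchange not in ("MM", "AM"):
        problems.append(f"-exchange {exchange}: expected MM or AM")
    # AUTOCONF and MIPV6 clients must be negotiated with Aggressive Mode.
    forcing = sorted({"AUTOCONF", "MIPV6"} & {f.upper() for f in remote_flags})
    if forcing and exchange != "AM":
        problems.append(f"remote policy sets {'/'.join(forcing)}: -exchange must be AM")
    if ltype is None:
        return problems  # default ID type (IPv4 or IPv6 address) applies
    ltype = ltype.upper()
    lid = lid or ""      # assumption: -ltype and -lid are given as a pair
    if ltype == "IPV4":
        ok = _is_ip(lid, 4)
    elif ltype == "IPV6":
        ok = _is_ip(lid, 6)
    elif ltype == "FQDN":
        ok = bool(FQDN_RE.match(lid))
    elif ltype == "KEY-ID":
        ok = bool(lid)
        if exchange != "AM":
            problems.append("-ltype KEY-ID is only valid with -exchange AM")
        if not preshared:
            problems.append("-ltype KEY-ID also requires -preshared")
    else:
        problems.append(f"-ltype {ltype}: not an ID type shown in Table 4-4 on this page")
        return problems
    if not ok:
        problems.append(f"-lid {lid!r} is not a valid {ltype} value")
    return problems
```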