HP-UX IPSec version A.02.01 Administrator's Guide
Using Certificates with HP-UX IPSec
Step 4: Configuring Authentication Records with IKE IDs
Chapter 5
ip_addr
The ip_addr is the remote IP address.
Acceptable Values: An IPv4 address in dotted-decimal notation or an
IPv6 address in colon-hexadecimal notation. The address cannot be a
broadcast, subnet broadcast, or multicast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must
match when comparing the remote IP address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in
both addresses must match. This prefix length is equivalent to an
address mask of 255.255.255.255. Use a value less than 32 to specify a
subnet address filter.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits
in both addresses must match. Use a value less than 128 to specify a
subnet address filter.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address. If you are
using manual keys, prefix must be 32 if ip_addr is an IPv4 address or
128 if ip_addr is an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a
non-zero IPv6 address, or 0 (match any address) if ip_addr is an
all-zeros address (0.0.0.0 or 0::0).
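The ip_addr and prefix rules above, as an added example that is not part of the guide or of HP-UX IPSec: a Python check that applies the documented range, default and manual-key constraints, and shows how many remote addresses a given prefix lets one authentication record cover. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def default_prefix(ip_addr):
    """Documented default: 0 for an all-zeros address, otherwise 32 (IPv4) or 128 (IPv6)."""
    addr = ipaddress.ip_address(ip_addr)
    return 0 if int(addr) == 0 else addr.max_prefixlen

def check_remote_spec(ip_addr, prefix=None, manual_keys=False):
    """Validate an ip_addr/prefix pair against the documented rules; return (addr, prefix)."""
    addr = ipaddress.ip_address(ip_addr)
    # A subnet broadcast address depends on the local netmask, so only the
    # limited broadcast address and the multicast ranges are rejected here.
    if addr.is_multicast or (addr.version == 4 and int(addr) == 0xFFFFFFFF):
        raise ValueError("ip_addr cannot be a broadcast or multicast address")
    if prefix is None:
        prefix = default_prefix(ip_addr)
    if not 0 <= prefix <= addr.max_prefixlen:
        raise ValueError(f"prefix must be 0 - {addr.max_prefixlen} for IPv{addr.version}")
    if manual_keys and prefix != addr.max_prefixlen:
        raise ValueError(f"manual keys require prefix {addr.max_prefixlen}")
    return addr, prefix

def remote_matches(remote, ip_addr, prefix=None):
    """True if the leading `prefix` bits of `remote` equal those of ip_addr."""
    addr, prefix = check_remote_spec(ip_addr, prefix)
    peer = ipaddress.ip_address(remote)
    if peer.version != addr.version:
        return False
    shift = addr.max_prefixlen - prefix  # low-order bits that are ignored
    return int(peer) >> shift == int(addr) >> shift

def addresses_covered(ip_addr, prefix=None):
    """Number of remote addresses the ip_addr/prefix pair matches."""
    addr, prefix = check_remote_spec(ip_addr, prefix)
    return 2 ** (addr.max_prefixlen - prefix)

if __name__ == "__main__":
    # Constructed sample addresses (documentation range), not taken from the guide.
    for spec in [("192.0.2.10", None), ("192.0.2.0", 24), ("0.0.0.0", None)]:
        print(spec, addresses_covered(*spec), remote_matches("192.0.2.77", *spec))
```

The all-zeros case is the one to review in an existing configuration: with the default prefix of 0, the record matches every remote address of that family.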
-exchange AM|MM
Specifies the exchange mode for the IKE Phase 1 negotiation. This must
match what is configured on the remote system.
Acceptable Values: AM (Aggressive Mode) or MM (Main Mode).
Aggressive Mode does not provide identity protection (the IKE peers
exchange identity information before establishing a secure channel), but
it is more efficient.
If the remote system is an autoconfiguration client (the AUTOCONF flag is
set in the host IPsec policy) or Mobile IPv6 client (the MIPV6 flag is set in
the host IPsec policy), the exchange type must be AM.
Default: MM (Main Mode).