HP-UX IPSec version A.02.01 Administrator's Guide
Using Certificates with HP-UX IPSec
Step 4: Configuring Authentication Records with IKE IDs
Chapter 5 167
TIP Most vendors use Main Mode by default. The IKE protocol specification
requires implementations to support Main Mode; support for Aggressive
Mode is optional.
-ltype
local_id_type
and -lid
local_id
The
local_id_type
and
local_id
are the ID type and value the local
system sends to the remote system when negotiating an IKE SA. This
must match what is configured on the remote system. If the remote
system is an HP-UX system, this must also match information in the
certificate for the local system.
Acceptable Values: Table 5-1 lists the valid ID types and
corresponding ID values.
Table 5-1 ID Types and Values
ID Type ID Value
IPV4 IPv4 address in dotted-decimal notation for
the subject of the certificate (the system
associated with the certificate), as configured
in the subjectAlternativeName field of the
certificate.
IPV6 IPv6 address in colon-hexadecimal notation
for the subject of the certificate, as configured
in the subjectAlternativeName field of the
certificate.
FQDN Fully Qualified Domain Name (FQDN) for the
subject of the certificate, also known as
Domain Name Server or DNS name, such as
myhost.hp.com., as configured in the
subjectAlternativeName field of the
certificate.