HP-UX IPSec version A.02.01 Administrator's Guide

• HP-UX IPSec supports a new command: ipsec_config export.
This command exports the contents of the configuration database to
a batch file that you can use as input for the ipsec_config batch
command. The command can also take the output from the
ipsec_config show all command and create a batch file.
• HP-UX IPSec no longer includes Java runtime components. You
must now install the Java Runtime Environment (JRE) version 1.4
or later to use the ipsec_migrate and ipsec_config add crl
commands, and the /var/adm/ipsec_gui/cron/crl.cron script
file. JRE version 1.4 is included with HP-UX 11i version 2 (B.11.23)
by default.
HP-UX IPSec searches for the Java runtime components in the
directory /opt/java1.4. If you install the JRE in another directory,
you must set the JAVA_HOME environment variable to the appropriate
location.
• The ipsec_config command no longer allows you to configure
transforms for Encapsulated Security Protocol (ESP) without
authentication. You cannot configure the following transforms:
ESP_AES128
ESP_DES
ESP_3DES
Existing policies that use the above transforms will continue to
operate, but HP strongly recommends that you replace them with
ESP transforms that also provide authentication, such as
ESP_AES128_HMAC_SHA1.
If you have specified any of the above transforms in an ipsec_config
profile file entry, you must change the entry to contain a legal
transform, such as ESP_AES128_HMAC_SHA1.
• The syntax of the ipsec_migrate utility has changed. The new syntax
is as follows:
ipsec_migrate [-p policy_file_name]
• ISAKMP/Main Mode (ISAKMP/MM) Security Associations (SAs) are
now referred to as IKE SAs. The term “Main Mode” is used only
when needed to distinguish the type of exchange mode used to
negotiate the IKE SA.
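For the item above on ESP transforms without authentication, the following added example (not HP code) scans ipsec_config batch or profile text for ESP_AES128, ESP_DES and ESP_3DES so the entries can be replaced. The function names, the sample entries and the assumed line layout and delimiters are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HP code. Flags ESP transforms that provide no
# authentication (ESP_AES128, ESP_DES, ESP_3DES) in ipsec_config input.

# Reads the named files (or stdin) and prints "<line>: <transform>" for
# every exact match. Names such as ESP_AES128_HMAC_SHA1 are not reported
# because tokens are compared whole, not by prefix.
find_unauth_esp() {
    awk '
    /^[ \t]*#/ { next }            # assumption: "#" starts a comment line
    {
        # assumption: transforms are delimited by blanks, commas or "/"
        n = split($0, tok, "[ \t,/]+")
        for (i = 1; i <= n; i++)
            if (tok[i] == "ESP_AES128" || tok[i] == "ESP_DES" || tok[i] == "ESP_3DES")
                printf "%d: %s\n", NR, tok[i]
    }' "$@"
}

# Constructed sample input; the layout of these lines is an assumption.
sample_batch() {
    cat <<'EOF'
# constructed sample entries
add host legacy1 -source 10.0.0.1 -destination 10.0.0.2 -action ESP_3DES
add host ok1 -source 10.0.0.1 -destination 10.0.0.3 -action ESP_AES128_HMAC_SHA1
add host legacy2 -source 10.0.0.1 -destination 10.0.0.4 -action ESP_AES128_HMAC_SHA1,ESP_DES
EOF
}

sample_batch | find_unauth_esp
```

Pass it the batch file written by ipsec_config export, or any profile file, as an argument; every reported line names a transform to replace with one that also authenticates, such as ESP_AES128_HMAC_SHA1.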