HP-UX IPSec version A.02.01 Administrator's Guide
• The tunnel endpoint address parameters (-tsource and -tdestination)
are no longer required in the ipsec_config add tunnel
command. If you do not specify a tunnel endpoint, HP-UX IPSec uses
the end-to-end source or destination address and prefix as the tunnel
endpoint address. If the end-to-end source or destination is a subnet,
the tunnel policy can be used to form multiple tunnels with different
endpoints.
• IKE now supports key identifiers as an IKE ID type when using
preshared keys with Aggressive Mode. The ipsec_config add auth
command now accepts KEY-ID for the local and remote ID type
options.
• The ipsec_report utility supports the following new options:
  • -sa ike: Displays IKE SAs (Main Mode and Aggressive Mode).
    The -sa ike option replaces the -mad option.
  • -sa ipsec: Displays IPSec SAs. The -sa ipsec option replaces
    the -sad option.
  • -sa [all]: The -sa all or -sa option displays IKE and IPSec
    SAs. It is equivalent to specifying -sa ike and -sa ipsec.
  The ipsec_report options -mad and -sad are still supported, but
  only for backwards compatibility and are not documented.
• The ipsec_config command now supports spaces in X.500
Distinguished Name (DN) specifications if the DN is enclosed by
double quotes (""). For example,
"CN=Joe Strummer,C=UK,O=Clampdown Corp,OU=Lab".
The attributes in the DN are all optional, but you must specify at
least one.
• Information about the ipsec_config subcommands is now
documented in five HP-UX IPSec manpages: ipsec_config_add (1M),
ipsec_config_batch (1M), ipsec_config_delete (1M),
ipsec_config_export (1M), and ipsec_config_show (1M). The
ipsec_config (1M) manpage contains general information about the
ipsec_config command and an overview of the configuration
procedure.