HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec Configuration Examples
Autoconfiguration Clients
Appendix D270
Client Configuration
The configuration is the same on each client, except for the local ID in
the authentication record. This section lists the configuration for the
system with local ID joe_s@corp.com.
Host Policy
The host policy on the client does not specify the AUTOCONF flag, because
you specify the AUTOCONF flag when the remote system is an
autoconfiguration client, not when the local system is an
autoconfiguration client.
add host server1 \
-destination 2001:db8:11:11::fefe:1111 \ (Server1 addr.)
-action ESP_AES128_HMAC_SHA1 \
IKE Policy
add ike server1 \
-remote 2001:db8:11:11::fefe:1111 \ (Server1 addr.)
-authentication pkey
Authentication Record
Each autoconfiguration client configures an authentication record with
its unique local ID. The IKE exchange type must be Aggressive Mode
(-exchange AM).
The record for system with local ID joe_s@corp.com is as follows:
add auth server1 \
-remote 2001:db8:11:11::fefe:1111 \(Server1 addr.)
-ltype USER-FQDN -lid joe_s@corp.com
-rtype FQDN -rid server1.corp.com
-exchange AM
-preshared secret1111