HP-UX IPSec version A.02.01 Administrator's Guide

Appendix D: HP-UX IPSec Configuration Examples
Manual Keys
You want to secure rlogin sessions from the system Dog (10.2.2.2) to
the system Cat (10.4.4.4) using manual keys. There is no configuration
for rlogin sessions from Cat to Dog; these sessions will use the default
host IPsec policy and pass in clear text.
Dog Configuration
The ipsec_config batch file on Dog contains only one host IPsec policy.
The -in substatement specifies the parameters for the inbound SA: the
type of IPsec header (ESP), the Security Parameters Index, or SPI
(2500004), the 128-bit AES key, and the 160-bit SHA-1 key. The -out
substatement specifies the parameters for the outbound SA.
No IKE policy or authentication record is required because you are using
manual keys.
add host rlog_dog_to_cat -source 10.2.2.2 \
-destination 10.4.4.4/32/RLOGIN \
-action ESP_AES128_HMAC_SHA1 \
-in ESP/2500004/\
0x0123456789012345678901234567890123456789/\
0x12345678901234567890123456789012 \
-out ESP/2500003/\
0x1234567890123456789012345678901234567890/\
0x12345678901234567890123456789012
Cat Configuration
The ipsec_config batch file on Cat is the mirror image of the batch file
on Dog. The administrator created the batch file by copying the batch file
from Dog and swapping the source and destination option names
(-source and -dst), and swapping the inbound and outbound SA option
names (-in and -out).
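
The mirror-image step described above, as an added example that is not part of the HP guide: a Python script that derives Cat's policy from Dog's by swapping the option names, then confirms that each host's inbound SA (SPI and keys) is the peer's outbound SA. The function names are hypothetical, and the expected key sizes (160 bits, then 128 bits) are an assumption read off the order of the keys in Dog's policy.

```python
import re

# Constructed input: Dog's policy as given on this page.
DOG_POLICY = r"""add host rlog_dog_to_cat -source 10.2.2.2 \
-destination 10.4.4.4/32/RLOGIN \
-action ESP_AES128_HMAC_SHA1 \
-in ESP/2500004/\
0x0123456789012345678901234567890123456789/\
0x12345678901234567890123456789012 \
-out ESP/2500003/\
0x1234567890123456789012345678901234567890/\
0x12345678901234567890123456789012
"""
SWAP = {"-source": "-destination", "-destination": "-source", "-in": "-out", "-out": "-in"}
EXPECTED_BITS = [160, 128]  # assumption: key sizes in the order Dog's policy lists them

def join_continuations(text):
    """Drop backslash-newline pairs so the policy is one logical line."""
    return re.sub(r"\\\n", "", text).strip()

def mirror(line):
    """Swap the option names only; every value stays where it was."""
    return " ".join(SWAP.get(tok, tok) for tok in line.split())

def parse_sa(spec):
    """Return (spi, [key sizes in bits]) for ESP/<spi>/<key>/<key>."""
    proto, spi, *keys = spec.split("/")
    if proto != "ESP" or len(keys) != 2 or not all(
            re.fullmatch(r"0x[0-9a-fA-F]+", key) for key in keys):
        raise ValueError("unexpected SA specification")
    return int(spi), [(len(key) - 2) * 4 for key in keys]

def options(line):
    """Map option name -> value, checking key sizes on both SAs."""
    tok = line.split()
    opts = dict(zip(tok[3::2], tok[4::2]))  # tokens 0-2 are: add host <name>
    for name in ("-in", "-out"):
        if parse_sa(opts[name])[1] != EXPECTED_BITS:
            raise ValueError(f"{name}: key sizes differ from {EXPECTED_BITS}")
    return opts

def check_pair(dog_line, cat_line):
    """True when each host's inbound SA is the peer's outbound SA."""
    dog, cat = options(dog_line), options(cat_line)
    return dog["-in"] == cat["-out"] and dog["-out"] == cat["-in"]

if __name__ == "__main__":
    dog = join_continuations(DOG_POLICY)
    print(mirror(dog))
    print("SAs match:", check_pair(dog, mirror(dog)))
```

Running the same check against the batch files actually deployed on both hosts catches a mistyped SPI or a truncated key before traffic between them is silently dropped.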