HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 5: Configuring IKE Policies
Appendix F 307
Step 5: Configuring IKE Policies
If you are using manual keys, skip this step.
If you are using IKE, configure at least one IKE policy for each Mobile
Node, or an IKE policy for a group of Mobile Node clients by specifying a
subnet address and prefix.
Syntax
ipsec_config add ike
ike_policy_name
-remote
mn_home_addr
[/
prefix
] [-priority
priority_number
]
[-authentication PSK|RSASIG]
[-hash MD5|SHA1] [-encryption DES|3DES]
[-life
lifetime_seconds
] [-maxqm|mq
max_quick_modes
]
ike_policy_name
The
ike_policy_name
is the user-defined name for the IKE policy. This
name must be unique for each IKE policy and is case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
-remote
mn_home_addr
[/
prefix
]
The
mn_home_addr
is the Mobile Node home address. You can specify the
prefix
value (the prefix length in bits) to create a policy shared by
Mobile Nodes in the same subnet.
-priority
priority_number
The
priority_number
is the priority value HP-UX IPSec uses when
selecting an IKE policy (a lower priority value has a higher priority). The
priority must be unique for each IKE policy.
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority
value that is set to the current highest priority value (lowest priority) for
IKE policies in the configuration data base, incremented by the
automatic priority increment value (priority) for IKE policies specified in