HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec and HP-UX Mobile IPv6
Step 5: Configuring IKE Policies
Appendix F (page 308)
the HostPolicy-Defaults section of the profile file (this policy will be the
last policy evaluated before the default policy). The default automatic
priority increment value (priority) is 10.
If this is the first IKE policy created, ipsec_config uses the automatic
priority increment value as the priority.
-authentication authentication_type
The authentication_type is the primary authentication method HP-UX
IPSec will use when establishing the IKE SA. This must match the
method configured on the remote system.
Acceptable Values:
PSK (preshared key)
RSASIG (RSA signature using security certificates)
If you specify PSK, you must configure a preshared key using the
ipsec_config add auth command. If you specify RSASIG, you must use
security certificates. See Chapter 5, “Using Certificates with HP-UX
IPSec,” on page 151 for information on using security certificates with
HP-UX IPSec.
Default: The value of the authentication parameter in the
IKE-Defaults section of the profile file used. The default authentication
parameter value is PSK.
-group 1|2
The group argument specifies the Oakley Group (sometimes referred to
as the Diffie-Hellman group) used to select initial Diffie-Hellman values.
This must match the Oakley Group configured on the remote system.
Acceptable Values:
1 (MODP, 768-bit exponent)
2 (1024-bit exponent)
Default: The value of the group parameter in the IKE-Defaults section
of the profile file used. The default group parameter value is 2.
-hash MD5|SHA1
The hash argument specifies the hash algorithm for authenticating IKE
messages. This must match the hash algorithm configured on the remote
system.
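The following added example (not part of the HP guide) checks the "must match the remote system" requirement for the three arguments described above by comparing the IKE policy command lines of two peers and applying the defaults this page states when an argument is omitted. It assumes both peers are configured with ipsec_config; the `ipsec_config add ike` sample lines and policy names are constructed, and because the -hash default is not shown on this page, an omitted -hash is reported as unverified rather than guessed.

```python
import shlex

# Defaults stated on this page (IKE-Defaults section of the profile file).
# The -hash default is not shown on this page, so an omitted -hash stays None.
PAGE_DEFAULTS = {"authentication": "PSK", "group": "2", "hash": None}
# Acceptable values as listed on this page.
ALLOWED = {
    "authentication": {"PSK", "RSASIG"},
    "group": {"1", "2"},
    "hash": {"MD5", "SHA1"},
}

def parse_ike_args(command_line):
    """Extract -authentication, -group and -hash from one command line."""
    tokens = shlex.split(command_line)
    params = dict(PAGE_DEFAULTS)
    for i, tok in enumerate(tokens):
        name = tok.lstrip("-")
        if tok.startswith("-") and name in ALLOWED:
            if i + 1 >= len(tokens):
                raise ValueError(f"{tok} has no value")
            value = tokens[i + 1].upper()
            if value not in ALLOWED[name]:
                raise ValueError(f"{tok} {tokens[i + 1]}: not an acceptable value")
            params[name] = value
    return params

def compare_peers(local_cmd, remote_cmd):
    """Return (parameter, local, remote, status) for each setting that
    differs between the peers or cannot be confirmed from the command lines."""
    local, remote = parse_ike_args(local_cmd), parse_ike_args(remote_cmd)
    findings = []
    for name in ALLOWED:
        if local[name] is None or remote[name] is None:
            findings.append((name, local[name], remote[name], "unverified"))
        elif local[name] != remote[name]:
            findings.append((name, local[name], remote[name], "mismatch"))
    return findings

# Constructed sample input: policy names are placeholders.
LOCAL = "ipsec_config add ike peerB -authentication RSASIG -hash SHA1"
REMOTE = "ipsec_config add ike peerA -authentication PSK -group 2 -hash SHA1"

if __name__ == "__main__":
    for name, lval, rval, status in compare_peers(LOCAL, REMOTE):
        print(f"{status}: -{name} local={lval} remote={rval}")
```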