HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 5: Configuring IKE Policies
Appendix F 309
Acceptable Values:
MD5 (128-bit key Hashed Message Authentication Code using RSA
Message Digest-5, HMAC-MD5)
SHA1 (160-bit key HMAC using Secure Hash Algorithm-1,
HMAC-SHA1)
Default: The value of the hash parameter in the IKE-Defaults section of
the profile file used. The default hash parameter value is MD5.
-encryption
encryption_algorithm
The
encryption_algorithm
is
the encryption algorithm for encrypting IKE messages. This must match
the encryption algorithm configured on the remote system.
Acceptable Values:
DES (56-bit Data Encryption Standard, Cipher Block Chaining Mode,
DES-CBC)
3DES (triple-DES CBC, three encryption iterations, each with a
different 56-bit key, 3DES-CBC)
Default: The value of the encryption parameter in the IKE-Defaults
section of the profile file used. The default encryption parameter value
is 3DES.
-life
lifetime_seconds
The
lifetime_seconds
is the maximum lifetime for the IKE SA, in
seconds.
Range: 0 (infinite), or 600 - 4294967294 seconds (approximately 497102
days).
Default: 28,800 (8 hours).
-maxqm
max_quick_modes
The
max_quick_modes
is the maximum number of IPsec SA negotiations
that IKE can perform using an IKE SA. Each IPsec SA negotiation
establishes two IPsec SAs (one in each direction).
If the value of
max_quick_modes
is 1, IKE provides Perfect Forward
Secrecy (PFS) for the IPsec SA keys and the identities of the IKE
negotiating parties (and identities of any parties for which the IKE
parties are acting as proxies). With PFS, the exposure of one key permits