HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Appendix F
Step 6: Configuring Authentication Records
If you are using manual keys, skip this step.
You must configure one authentication record for each Mobile Node. The
record must include the following specifications:
• The remote address (the -remote argument) must specify the Mobile
Node’s home address.
• The record must specify remote ID information (it must include
-rtype and -rid arguments).
• The local and remote ID type (-ltype and -rtype) must not be IPV6.
RFC 3775 specifies that the ID type must not be IPv6 addresses. HP
recommends that you specify USER-FQDN or FQDN for the remote ID
type.
• The exchange mode must be Aggressive Mode (-exchange AM).
In addition, the local system cannot initiate IKE Phase 1 negotiations
with Mobile IPv6 clients.
Syntax
ipsec_config add auth auth_name -remote mn_home_addr -exchange AM
    -ltype local_id_type -lid local_id
    -rtype remote_id_type -rid remote_id
    [-preshared preshared_key]
auth_name
The auth_name is the user-defined name for the authentication record. This
name must be unique for each record and is case-sensitive.
Acceptable Values: 1 - 63 characters. Each character must be an ASCII
alphanumeric character, hyphen (-), or underscore (_).
-remote mn_home_addr
The Mobile Node’s home address.
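The following pre-check is an added example, not part of the HP guide: a POSIX shell function that tests the arguments of a planned ipsec_config add auth command against the Mobile IPv6 requirements and the auth_name rules above before the command is run. The function name check_mn_auth and the sample record name, address and IDs are assumptions made for illustration.

```shell
# Added example, not from the HP guide. check_mn_auth is a hypothetical
# helper: it only inspects the arguments and never runs ipsec_config.
check_mn_auth() (
    LC_ALL=C                      # keep the [A-Za-z] ranges ASCII-only
    name=$1
    [ $# -gt 0 ] && shift
    remote='' exchange='' ltype='' rtype='' rid=''
    # auth_name: 1 - 63 characters; ASCII alphanumeric, hyphen or underscore
    case $name in
        ''|*[!A-Za-z0-9_-]*)
            echo "auth_name: empty or has a disallowed character" >&2; return 1 ;;
    esac
    [ "${#name}" -le 63 ] || { echo "auth_name: longer than 63 characters" >&2; return 1; }
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || { echo "$1: missing value" >&2; return 1; }
        case $1 in
            -remote)   remote=$2 ;;
            -exchange) exchange=$2 ;;
            -ltype)    ltype=$2 ;;
            -rtype)    rtype=$2 ;;
            -rid)      rid=$2 ;;
            -lid|-preshared) ;;   # value is not inspected by this check
            *) echo "unexpected argument: $1" >&2; return 1 ;;
        esac
        shift 2
    done
    [ -n "$remote" ] || { echo "-remote (Mobile Node home address) is required" >&2; return 1; }
    [ "$exchange" = AM ] || { echo "-exchange must be AM (Aggressive Mode)" >&2; return 1; }
    [ -n "$rtype" ] && [ -n "$rid" ] || { echo "-rtype and -rid are required" >&2; return 1; }
    # Neither ID type may be IPV6 for a Mobile Node record
    case $ltype in [Ii][Pp][Vv]6) echo "-ltype must not be IPV6" >&2; return 1 ;; esac
    case $rtype in [Ii][Pp][Vv]6) echo "-rtype must not be IPV6" >&2; return 1 ;; esac
    return 0
)

# Constructed sample values (2001:db8::/32 is the documentation prefix).
check_mn_auth mn1_auth -remote 2001:db8::10 -exchange AM \
    -ltype FQDN -lid ha.example.com \
    -rtype USER-FQDN -rid mn1@example.com && echo "mn1_auth: OK"
```

The function prints the first rule that fails to standard error and returns non-zero, so it can gate a script that generates one record per Mobile Node.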