HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and Serviceguard
Configuration Overview
Appendix G 331
Configuration Steps
When configuring HP-UX IPSec for Serviceguard, first configure HP-UX
IPSec on one cluster node using an ipsec_config batch file, according to
the instructions in Chapter 4, “Configuring HP-UX IPSec,” on page 89.
Additional configuration requirements are listed below and described in
the following sections. After you have verified the HP-UX IPSec
configuration on one node, copy the configuration files to the other
cluster nodes.
After you have configured HP-UX IPSec, configure Serviceguard as
described in the Serviceguard product documentation.
The general procedure for configuring HP-UX IPSec with Serviceguard is
listed below:
• “Step 1: Configuring a Common HP-UX IPSec Password” on
page 333
Configure the same HP-UX IPSec password on all systems in the
Serviceguard cluster if you are using certificate-based IKE
authentication.
• “Step 2: Configuring HP-UX Host IPSec Policies for Serviceguard” on
page 334
— You must ensure that HP-UX IPSec allows Serviceguard
heartbeat messages to pass in clear text to avoid unnecessary
cluster reformations. Configure HP-UX IPSec to allow all traffic
between the heartbeat IP addresses to pass in clear text.
— If you are using optional Serviceguard features such as Quorum
Server or Serviceguard Manager, you must configure HP-UX
IPSec so it does not discard control messages for these services.
• “Step 3: Configuring HP-UX IPSec IKE policies” on page 346
Configure IKE policies that include the Serviceguard package
addresses and client addresses.
• “Step 4: Configuring Authentication Records for Preshared Keys” on
page 347
The authentication records contain the preshared key values and
may include IKE ID information.
• “Step 5: Configuring Authentication Records for Certificates” on
page 350