HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and Serviceguard
Step 5: Configuring Authentication Records for Certificates
Appendix G352
— You do not need to enter this argument if the cluster client is an
HP-UX system and is not multihomed. HP-UX IPSec will use
IPV4 as the ID type.
— If the cluster client is a multihomed HP-UX system, specify
IPV4.
— If the cluster client is not an HP-UX system, enter the value sent
by the cluster client.
•Local ID value (-lid): The IKE ID value sent by the cluster client.
— You do not need to enter this argument if the cluster client is an
HP-UX system and is not multihomed. HP-UX IPSec will use the
source IP address from the incoming packet as the ID value.
— If the cluster client is a multihomed HP-UX system, specify the
IP address in the subjectAlternativeName field of the cluster
client’s certificate.
— If the cluster client is not an HP-UX system, enter the value sent
by the cluster client.
• Remote ID type (-rtype): IPV4.
• Remote ID value(-rid): The IP address in the
subjectAlternativeName field of the certificate for the cluster.
Example
This example uses the same topology as the preshared key example, as
shown in Figure G-1 on page 327. The cluster has three nodes:
• Node1 (10.1.1.1 and 15.1.1.1)
• Node2 (10.2.2.2 and 15.2.2.2)
• Node3 (10.3.3.3 and 15.3.3.3)
The 10.*.*.* network is a dedicated heartbeat LAN. The 15.*.*.* network
is a shared heartbeat and data LAN.
The cluster also has two packages:
• pkgA (15.98.98.98)
• pkgB (15.99.99.99)
There are two package clients: