HP-UX IPSec version A.02.01 Administrator's Guide
Quick Configuration Procedure and Tips
Step 2: Modifying the Configuration Batch File Template
HP-UX IPSec provides the following configuration batch file templates in
the directory /var/adm/ipsec/templates:
• end-to-gateway
• end-to-tunnel
• host-to-host
• manual-keys
• mipv6
For a simple host-to-host topology, edit the batch file template
/var/adm/ipsec/templates/host-to-host as follows:
• Uncomment the appropriate configuration statements. At a
minimum, you must uncomment and configure the following items:
— Host IPsec policies. At a minimum, you must configure one host
IPsec policy. However, most client-server applications require
two host IPsec policies: one policy for service requests initiated
from the local system (the remote system is the server), and a
second policy for service requests initiated from the remote system
(the local system is the server).
— IKE policies. You must configure an IKE policy for each remote
system. You can specify remote subnet addresses using an
address prefix to use one IKE policy for multiple remote systems.
— Authentication records. Configure one authentication record for
each remote system. The authentication record contains the
preshared key used for IKE authentication.
• Replace the addresses and other parameters in angle brackets (<>)
with values that match your topology.
• Save the edited file under a different file name, such as
host1_batch.
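
The following check is an added example, not part of this guide or of the HP-UX IPSec product. It scans an edited batch file for template placeholders that were never replaced and for missing host, IKE or authentication statements. It assumes that comment lines begin with # and that active statements begin with add host, add ike or add auth; the sample statements are constructed.

```shell
#!/bin/sh
# Pre-flight lint for an edited HP-UX IPSec batch file (added example).
# Assumptions, not taken from the guide: comment lines start with '#', and
# active statements start with "add host", "add ike" or "add auth".
# Usage: check_batch FILE   (reads standard input when FILE is "-" or absent)
check_batch() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # ignore comments and blank lines
        /<[^<>]*>/ {                        # template placeholder still present
            printf "line %d: unreplaced placeholder: %s\n", NR, $0; bad++
        }
        $1 == "add" && $2 == "host" { host++ }
        $1 == "add" && $2 == "ike"  { ike++ }
        $1 == "add" && $2 == "auth" { auth++ }
        END {
            if (!host) { print "missing: host IPsec policy"; bad++ }
            if (!ike)  { print "missing: IKE policy"; bad++ }
            if (!auth) { print "missing: authentication record"; bad++ }
            if (host == 1) print "note: only one host IPsec policy is active"
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample: the IKE policy is still commented out and one address
# placeholder was never replaced. Statement arguments are illustrative only.
check_batch - <<'EOF' || echo "batch file is not ready to load"
# host-to-host (constructed excerpt)
add host telnet_out -source 192.0.2.10 -destination <remote_addr>
# add ike hostB -remote 192.0.2.20
add auth hostB -remote 192.0.2.20 -preshared EXAMPLE_KEY_ONLY
EOF
```

Run it as check_batch host1_batch on the saved copy; a zero exit status means no placeholders remain and all three statement types are active.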