HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
IPv4 0 - 32 32 (0 for all-zero addresses)
IPv6 0 - 128 128 (0 for all-zero addresses)
The default prefix is zero (0) if the address is all zeros.
Warning: Specifying a subnet address filter and a preshared key allows you to
configure a single preshared key for an entire subnet. However, HP strongly
recommends that you configure an individual authentication record for each
remote system with a unique preshared key.
-x|exchange AM|MM
Specifies the exchange type for the IKE Phase 1 negotiation. This must match what is
configured on the remote system.
Acceptable Values:
AM    Aggressive Mode
MM    Main Mode
Aggressive Mode is less secure than Main Mode because it does not provide identity
protection for the IKE peers (the IKE peers exchange identity information before
establishing a secure channel), but it is more efficient.
The IKE protocol specification requires implementors to support Main Mode but
does not require implementors to support Aggressive Mode.
Default: MM (Main Mode)
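
An audit of authentication records against the two cautions above (one preshared key covering a whole subnet, and Aggressive Mode), as an added example that is not part of the HP manpage. The records are plain dictionaries rather than ipsec_config syntax; the field names (name, remote, exchange, preshared) and the finding codes are assumptions, and the sample records are constructed.

```python
import ipaddress

# Single-host prefix length per IP version, per the prefix table above.
HOST_PREFIX = {4: 32, 6: 128}

def effective_prefix(remote):
    """Parse 'addr' or 'addr/prefix' and return (address, prefix length)."""
    addr_text, _, prefix_text = remote.partition("/")
    addr = ipaddress.ip_address(addr_text)
    if prefix_text:
        prefix = int(prefix_text)
        if not 0 <= prefix <= HOST_PREFIX[addr.version]:
            raise ValueError(f"prefix out of range in {remote!r}")
    else:
        # Documented default: full length, or 0 for an all-zero address.
        prefix = 0 if int(addr) == 0 else HOST_PREFIX[addr.version]
    return addr, prefix

def audit(record):
    """Return finding codes for one authentication record (a dict)."""
    findings = []
    addr, prefix = effective_prefix(record["remote"])
    if record.get("preshared") and prefix < HOST_PREFIX[addr.version]:
        # One preshared key would be shared by every system the filter matches.
        findings.append("SHARED_PSK_SUBNET")
    exchange = record.get("exchange", "MM")  # documented default is MM
    if exchange == "AM":
        # Aggressive Mode gives no identity protection for the IKE peers.
        findings.append("AGGRESSIVE_MODE")
    elif exchange != "MM":
        findings.append("BAD_EXCHANGE")
    return findings

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_RECORDS = [
    {"name": "peer1", "remote": "192.0.2.10", "preshared": True},
    {"name": "lan", "remote": "192.0.2.0/24", "preshared": True},
    {"name": "any6", "remote": "::", "exchange": "AM", "preshared": True},
    {"name": "v6net", "remote": "2001:db8::/64", "exchange": "MM", "preshared": False},
]

def audit_all(records):
    """Map record name -> findings, keeping only records with findings."""
    results = {r["name"]: audit(r) for r in records}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_RECORDS).items():
        print(name, ", ".join(found))
```
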
-ltype local_id_type
Specifies the ID type the local system sends to the remote system when negotiating an IKE
Security Association (IKE SA). This must match what is configured on the remote system.
Acceptable values:
IPV4       IPv4 address
IPV6       IPv6 address
FQDN       Fully Qualified Domain Name, also known as Domain Name Service or DNS name
KEY-ID     Character string
USER-FQDN  User-Fully Qualified Domain Name in Simple Mail Transfer Protocol (SMTP) format
X500-DN    X.500 Distinguished Name or DN
Default: IPV4, if the local system uses an IPv4 interface to communicate with the
remote system, or IPV6, if the local system uses an IPv6 interface to communicate
with the remote system.
-lid local_id
Specifies the local ID value, in the format specified by local_id_type.
For the specified local_id_type, the value of the local_id follows:
IPV4 An IPv4 address in dotted-decimal notation. If you are using RSA signatures
(RSASIG) for IKE authentication and the remote system is an HP-UX system,
this must match the IPv4 address in the subjectAlternativeName of the
certificate for the local system.
IPV6 An IPv6 address in colon-hexadecimal notation. If you are using RSA
signatures (RSASIG) for IKE authentication and the remote system is an HP-UX
system, this must match the IPv6 address in the subjectAlternativeName of
the certificate for the local system.
FQDN A Fully Qualified Domain Name, also known as Domain Name Service or DNS
name, such as myhost.hp.com. If you are using RSA signatures (RSASIG)
for IKE authentication and the remote system is an HP-UX system, this must
match the FQDN in the subjectAlternativeName of the certificate for the local
system.
KEY-ID A character string used by the peer to identify a preshared key for Aggressive
Mode negotiations. You must specify the -exchange AM and