HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
-preshared preshared_key arguments if you specify KEY-ID as the ID type. The maximum length for KEY-ID is 272 characters.
USER-FQDN
A User-Fully Qualified Domain Name in SMTP format, such as user@myhost.hp.com. If you are using RSA signatures (RSASIG) for IKE authentication and the remote system is an HP-UX system, this must match the user FQDN in the subjectAlternativeName of the certificate for the local system.
X500-DN
An X.500 Distinguished Name (DN). If you are using RSA signatures (RSASIG) for IKE authentication and the remote system is an HP-UX system, this must match the subjectDistinguishedName or the subjectAlternativeName of the certificate for the local system.
The DN consists of at least one of the following attributes:
CN=commonName
C=country
O=organization
OU=organizationalUnit
The attributes are all optional, but you must specify at least one. Use commas
to delimit multiple attributes. The order of the attributes is ignored and the
DN is not case sensitive. For example:
CN=host1,C=US,O=HP
If there are spaces in the DN, you must enclose the DN in double quotes (" ").
For example:
"CN=host1,C=US,O=Some Corp,OU=Blue Team"
The variables are defined as follows:
commonName
The commonName of the DN in printable string format. The maximum length is 64 characters.
country
The two-character ISO 3166-1 code for the country in the DN, for example US for United States of America.
organization
The organization of the DN, for example Hewlett-Packard. The maximum length is 64 characters.
organizationalUnit
organizationalUnit for the DN, for example Marketing. The maximum length is 64 characters.
Default: If local_id_type and local_id are not specified, HP-UX uses the IPv4 or IPv6 address of the interface the IKE daemon uses to communicate with the remote system.
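
Added example (not part of the HP manpage and not HP-UX code): a Python check that applies the X500-DN rules stated above (allowed attributes, length limits, order and case ignored) so a local ID can be compared with a certificate DN before it is configured. The function names are hypothetical, and the example assumes attribute values contain no embedded commas or escape sequences.

```python
# Added example: validates an X500-DN ID value against the rules in this manpage.
# Assumption: attribute values contain no embedded commas or escape sequences.
ALLOWED = ("CN", "C", "O", "OU")
MAX_LEN = 64  # stated maximum for commonName, organization, organizationalUnit


def parse_dn(dn):
    """Return a sorted list of (attribute, value) pairs, or raise ValueError."""
    dn = dn.strip()
    if len(dn) >= 2 and dn[0] == '"' and dn[-1] == '"':
        dn = dn[1:-1]  # double quotes are only there to protect spaces
    pairs = []
    for part in dn.split(","):
        name, sep, value = part.partition("=")
        # Tolerating blanks around tokens is a choice made for this example.
        name, value = name.strip().upper(), value.strip()
        if not sep or not value:
            raise ValueError("malformed attribute: %r" % part)
        if name not in ALLOWED:
            raise ValueError("unsupported attribute: %s" % name)
        if name == "C":
            if not (len(value) == 2 and value.isascii() and value.isalpha()):
                raise ValueError("C must be a two-character country code")
        elif len(value) > MAX_LEN:
            raise ValueError("%s is longer than %d characters" % (name, MAX_LEN))
        pairs.append((name, value))
    return sorted(pairs)


def dn_matches(configured, certificate_dn):
    """Compare two DNs ignoring attribute order and letter case."""
    def norm(dn):
        return sorted((n, v.casefold()) for n, v in parse_dn(dn))
    return norm(configured) == norm(certificate_dn)


if __name__ == "__main__":
    local_id = '"CN=host1,C=US,O=Some Corp,OU=Blue Team"'
    cert_dn = "ou=blue team,o=some corp,c=us,cn=HOST1"  # constructed sample
    print(parse_dn(local_id))
    print("matches certificate:", dn_matches(local_id, cert_dn))
```
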
-rtype remote_id_type
Specifies the ID type used to verify the ID type sent by the remote system when negotiating an IKE Security Association (IKE SA). You must configure a remote ID if you are using Aggressive Mode (-exchange AM). This value must match what is configured on the remote system.
If HP-UX IPSec is the IKE responder in a Main Mode negotiation, the IKE daemon uses the remote ID type and value as part of the verification process by checking that the values in the IKE ID payload match the remote ID type and value. If IKE is using certificates for authentication (the IKE authentication method is RSA Signatures), IKE also verifies that values in the peer's certificate match the remote ID in the authentication record.
Acceptable values:
IPV4 IPv4 address.
IPV6 IPv6 address.