HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_add(1M) ipsec_conﬁg_add(1M)

(HP-UX IPSec Software Required)

FQDN Fully Qualiﬁed Domain Name, also known as Domain Name Service or DNS

name

KEY-ID Character string

USER-FQDN

User-Fully Qualiﬁed Domain Name in SMTP format

X500-DN X.500 Distinguished Name or DN

Default:

IPV4

, if the IKE daemon receives the IKE negotiation packets from an IPv4 inter-

face, or

IPV6

, if the IKE daemon receives the IKE negotiation packets from an IPv6 interface.

-rid

remote_id

Speciﬁes the remote ID value, in the format speciﬁed by remote_id_type. You must conﬁgure a

remote ID if you are using Agressive Mode (

-exchange AM

). This must match what is

conﬁgured on the remote system.

For remote_id_type, the value of the remote_id follows:

IPV4

An IPv4 address in dotted-decimal notation. If you are using RSA signatures

(RSASIG) for IKE authentication, this must match the IPv4 address in the

subjec-

tAlternativeName

of the remote system’s certiﬁcate.

IPV6

An IPv6 address in colon-hexadecimal notation. If you are using RSA signatures

(RSASIG) for IKE authentication, this must match the IPv6 address in the subjec-

tAlternativeName of the remote system’s certiﬁcate.

FQDN

A Fully Qualiﬁed Domain Name, also known as Domain Name Service or DNS

name, such as myhost.hp.com

. If you are using RSA signatures (RSASIG) for

IKE authentication, this must match the subjectAlternativeName of the remote

system’s certiﬁcate.

KEY-ID

Character string.

USER-FQDN

A User-Fully Qualiﬁed Domain Name in SMTP format, such as

user@myhost.hp.com

. If you are using RSA signatures (RSASIG) for IKE

authentication and the remote system is an HP-UX system, this must match the

user FQDN in the subjectAlternativeName of the certiﬁcate for the local system.

X500-DN

An X.500 Distinguished Name (DN). If you are using RSA signatures (RSASIG) for

IKE authentication and the remote system is an HP-UX system, this must match

the subjectDistinguishedName or the subjectAlternativeName of the certiﬁcate for

the local system.

The DN consists of at least one of the following attributes:

CN=commonName

C=country

O=organization

OU=organizationalUnit

The attributes are all optional, but you must specify at least one. Use commas to

delimit multiple attributes. The order of the attributes is ignored and the DN is not

case sensitive. For example:

CN=host1,C=US,O=HP

If there are spaces in the DN, you must enclose the DN in double quotes (" "). For

example:

"CN=host1,C=US,O=Some Corp,OU=Blue Team"

The variables are deﬁned as follows:

commonName

The commonName of the DN in printable string format. The maximum

length is 64 characters.

12 Hewlett-Packard Company − 5 − HP-UX IPSec A.02.01