HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Refer to the spi_min and spi_max parameters for the ipsec_config add startup command for
more information on the range for dynamic key SPI numbers.
auth_key
    The hexadecimal authentication key (prefixed by 0x). The auth_key value must match
    what is configured on the remote system.
    Acceptable values: Hexadecimal digits, prefixed by 0x.

        Type     Default
        MD5      32 hexadecimal digits (128 bits)
        SHA-1    40 hexadecimal digits (160 bits)
enc_key
    The hexadecimal encryption key (prefixed by 0x). This is required only for ESP. The
    enc_key value must match what is configured on the remote system.
    Acceptable values: Hexadecimal digits, prefixed by 0x.

        Type     Default
        DES      16 hexadecimal digits (64 bits)
        3DES     48 hexadecimal digits (192 bits)
        AES128   32 hexadecimal digits (128 bits)

    For DES and 3DES, HP-UX IPSec replaces the eighth bit of each byte with an odd parity
    bit. The DES and 3DES algorithms use only the first seven bits of each byte for
    encryption.
iv
    Initialization Vector (IV) definition. Required only for SAs using DES, 3DES, or
    AES128.
    Hexadecimal (prefixed by 0x), 64-bit initial block used for cipher block chaining
    encryption. This must match what is configured on the remote system.
    Range: 64 bits (16 hexadecimal digits), 0x0000000000000000 - 0xFFFFFFFFFFFFFFFF.
    Default: 0x0000000000000000.
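The following checker for the manual-key parameters described above (auth_key, enc_key and iv) is an added example, not part of this manpage or of the HP-UX IPSec product. It applies the key-length tables and the default IV from this page and also shows the DES/3DES odd-parity adjustment; the dictionary keys MD5, SHA1, DES, 3DES and AES128 are the writer's own spellings, and reading "eighth bit" as the least significant bit of each byte (the usual DES convention) is an assumption.

```python
import re

# Required key lengths in hexadecimal digits, from the tables above.
AUTH_KEY_HEX_DIGITS = {"MD5": 32, "SHA1": 40}
ENC_KEY_HEX_DIGITS = {"DES": 16, "3DES": 48, "AES128": 32}
IV_HEX_DIGITS = 16  # 64-bit IV: 0x0000000000000000 - 0xFFFFFFFFFFFFFFFF
DEFAULT_IV = "0x" + "0" * IV_HEX_DIGITS

_HEX_RE = re.compile(r"^0x[0-9A-Fa-f]+$")


def check_hex_value(name, value, expected_digits):
    """Return an error string if value is not 0x-prefixed hex of the given length."""
    if not _HEX_RE.match(value):
        return "%s: must be hexadecimal digits prefixed by 0x" % name
    digits = len(value) - 2
    if digits != expected_digits:
        return "%s: expected %d hexadecimal digits, got %d" % (name, expected_digits, digits)
    return None


def validate_manual_keys(auth_alg, auth_key, enc_alg=None, enc_key=None, iv=None):
    """Check one manual-key SA parameter set. enc_alg, enc_key and iv apply only to ESP;
    an omitted iv takes the all-zero default given in the manpage."""
    errors = []
    if auth_alg not in AUTH_KEY_HEX_DIGITS:
        errors.append("auth_alg: unknown type %r" % auth_alg)
    else:
        err = check_hex_value("auth_key", auth_key or "", AUTH_KEY_HEX_DIGITS[auth_alg])
        errors += [err] if err else []
    if enc_alg is not None:
        if enc_alg not in ENC_KEY_HEX_DIGITS:
            errors.append("enc_alg: unknown type %r" % enc_alg)
        else:
            err = check_hex_value("enc_key", enc_key or "", ENC_KEY_HEX_DIGITS[enc_alg])
            errors += [err] if err else []
        err = check_hex_value("iv", DEFAULT_IV if iv is None else iv, IV_HEX_DIGITS)
        errors += [err] if err else []
    return errors


def des_parity_adjust(key_hex):
    """Reproduce the DES/3DES rule above: the eighth bit of each byte (assumed to be the
    least significant bit) is replaced by an odd-parity bit; the other seven are kept."""
    out = bytearray()
    for b in bytes.fromhex(key_hex[2:]):
        seven = b & 0xFE
        parity = 0 if bin(seven).count("1") % 2 == 1 else 1
        out.append(seven | parity)
    return "0x" + out.hex().upper()
```

Running validate_manual_keys before issuing ipsec_config add catches a key of the wrong length or a non-hex value locally, and des_parity_adjust shows which DES keys will be silently altered (and so must already have odd parity on the remote system as well).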
Examples
Configure a host IPsec policy that requires all outbound rlogin sessions (where the local
system is an rlogin client) to use ESP, with AES128 encryption and HMAC SHA-1 authentication.
ipsec_config add host rlogin_out -destination 0.0.0.0/0/RLOGIN \
-pri 100 -action ESP_AES128_HMAC_SHA1
Configure a host IPsec policy that requires all telnet requests (where the local system is the telnet server)
from subnet 10.0.0.0 to use ESP, with AES128 encryption and HMAC SHA-1 authentication.
ipsec_config add host telnet_in -source 0.0.0.0/0/TELNET \
-destination 10.0.0.0/8 \
-pri 110 -action ESP_AES128_HMAC_SHA1
Configure a host IPsec policy for an application that listens for requests on local TCP port
50000. The policy requires all packets connecting to the application to use AH with HMAC
SHA-1 authentication.
ipsec_config add host my_app -source 0.0.0.0/0/50000 \
-protocol TCP -pri 140 -action AH_SHA1
The local system (10.1.1.1) is using a host-to-host tunnel with system 10.2.2.2. Configure a
host IPsec policy that references the tunnel policy my_host_host_tunnel and specifies clear
text (no transform) for the transport (end-to-end) transform. The command used to configure
the tunnel my_host_host_tunnel is listed in the examples for the ipsec_config add tunnel
command.
ipsec_config add host to_orange -source 10.1.1.1 \
-destination 10.2.2.2 -tunnel my_host_host_tunnel -action pass
Configure a host IPsec policy that uses manual keys for ESP, with AES128 encryption and HMAC SHA-1
authentication for all packets between local address 10.1.1.1 and remote address 10.2.2.2.
28 Hewlett-Packard Company − 21 − HP-UX IPSec A.02.01