HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_add(1M) ipsec_conﬁg_add(1M)

(HP-UX IPSec Software Required)

ipsec_config add host mkey_10.2.2.2 -source 10.1.1.1 \

-destination 10.2.2.2 \

-pri 160 -action ESP_AES128_HMAC_SHA1 \

-in ESP/2500001/0x1234567890123456789012345678901234567890\

/0x12345678901234567890123456789012/0x1234567890123456 \

-out ESP/2500002/0x0123456789012345678901234567890123456789\

/0x01234567890123456789012345678901/0x0123456789012345

Conﬁgure a host IPsec policy that uses manual keys for nested AH MD5 and ESP AES128 with HMAC-

SHA1 for all packets between local address

10.1.1.1

and remote address

10.2.2.2

ipsec_config add host mkey_10.2.2.2 -source 10.1.1.1 \

-destination 10.2.2.2 \

-pri 160 -action AH_MD5+ESP_AES128_HMAC_SHA1 \

-in AH/2500003/0x0123456789abcedf0123456789abcdef \

-in ESP/2500004/0x1234567890123456789012345678901234567890\

/0x12345678901234567890123456789012/0x1234567890123456 \

-out AH/2500005/0x123456789abcedf0123456789abcdef0 \

-out ESP/2500006/0x0123456789012345678901234567890123456789\

/0x01234567890123456789012345678901/0x0123456789012345

The local system (

3ffe::83ff:fef7:1111

) is a Mobile IPv6 Home Agent for the Mobile Node

3ffe::83ff:fef7:2222. Conﬁgure a host IPsec policy that uses manual keys for ESP, with AES128 encryption

and HMAC SHA-1 authentication for all Mobile IPv6 protocol packets (protocol MH) between the local

and the Mobile Node.

ipsec_config add host my_mipv6_mn -source 3ffe::83ff:fef7:1111 \

-destination 3ffe::83ff:fef7:2222 \

-proto MH \

-pri 200 -action ESP_AES128_HMAC_SHA1 -flags MIPV6 \

-in ESP/2500007/0x1234567890123456789012345678901234567890\

/0x12345678901234567890123456789012/0x1234567890123456 \

-out ESP/2500008/0x0123456789012345678901234567890123456789\

/0x01234567890123456789012345678901/0x0123456789012345

IPSEC_CONFIG ADD IKE COMMAND

Name

add ike - conﬁgure Internet Key Exchange (IKE) policies

Synopsis

ipsec_config add ike ike_policy_name

[-nocommit|

nc]

[

-prof[

ile] proﬁle_name]

-rem[ote

] ip_addr[/preﬁx]

[

-pri

[ority] priority_number]

[

-auth

[entication] PSK|RSASIG]

[

-group 1

[

-hash MD5

|SHA1]

[

-enc

[ryption] DES|3DES]

[

-life lifetime_seconds

]

[

-maxqm

|mq max_quick_modes

]

Description

Use the ipsec_config add ike

command to conﬁgure Internet Key Exchange (IKE) policies. HP-

UX IPSec uses the parameters in an IKE policy when establishing IKE Security Associations (SAs) with

remote systems. IPsec uses IKE SAs to negotiate IPsec SAs; an IKE SA must exist with a remote system

before IPsec can negotiate IPsec SAs.

Options and Operands

ike_policy_name

The user-deﬁned name for the IKE policy. This name must be unique for each IKE policy and

is case-sensitive.

Acceptable values: 1 - 63 characters. Each character must be an ASCII alphanumeric char-

acter, hyphen (

-), or underscore (_).

HP-UX IPSec A.02.01 − 22 − Hewlett-Packard Company 29