HP-UX IPSec version A.02.01 manpages

ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
Acceptable values:

  PSK     preshared key
  RSASIG  RSA signature using security certificates

If you specify PSK, you must configure a preshared key using the ipsec_config add auth command. If you specify RSASIG, you must use security certificates. Refer to the HP-UX IPSec product manual for information on using security certificates with HP-UX IPSec.

Default: The value of the authentication parameter in the IKE-Defaults section of the profile file used. The default authentication parameter value is PSK in /var/adm/ipsec/.ipsec_profile.

-group 1|2
The Oakley Group (sometimes referred to as the Diffie-Hellman group) used to select initial Diffie-Hellman values. This must match the Oakley Group configured on the remote system.

Acceptable values: 1 (MODP, 768-bit exponent) or 2 (1024-bit exponent).

Default: The value of the -group parameter in the IKE-Defaults section of the profile file used. The default -group parameter value is 2 in /var/adm/ipsec/.ipsec_profile.

-hash MD5|SHA
Specifies the hash algorithm for authenticating IKE messages. This must match the hash algorithm configured on the remote system.

Acceptable values:

  MD5   128-bit key Hashed Message Authentication Code using RSA Message Digest-5, HMAC-MD5
  SHA1  160-bit key HMAC using Secure Hash Algorithm-1, HMAC-SHA1

Default: The value of the hash parameter in the IKE-Defaults section of the profile file used. The default hash parameter value is MD5 in /var/adm/ipsec/.ipsec_profile.

-enc[ryption] DES|3DES
Specifies the encryption algorithm for encrypting IKE messages. This must match the encryption algorithm configured on the remote system.

Acceptable values:

  DES   56-bit Data Encryption Standard, Cipher Block Chaining Mode, DES-CBC
  3DES  triple-DES CBC, three encryption iterations, each with a different 56-bit key, 3DES-CBC

Default: The value of the encryption parameter in the IKE-Defaults section of the profile file used. The default encryption parameter value is 3DES in /var/adm/ipsec/.ipsec_profile.

-life lifetime_seconds
Specifies the maximum lifetime for the IKE SA, in seconds.

Range: 0 (infinite) - 4294967295 seconds (approximately 497102 days).

Default: 28,800 (8 hours).

-maxqm|mq max_quick_modes
Specifies the maximum number of Quick Mode (QM) negotiations that IKE can perform for each IKE SA. Each QM negotiation establishes one pair of IPsec SAs (one IPsec SA in each direction).

If the value of max_quick_modes is 1, IKE provides PFS for the IPsec SA keys and the identities of the IKE negotiating parties. With PFS, the exposure of one key permits access only to data protected by that key. When PFS is configured, the IKE daemon creates a new IKE SA for each IPsec SA negotiation and performs a Diffie-Hellman exchange for each IPsec SA negotiation.

Range: 1 - 255.

HP-UX IPSec A.02.01, Hewlett-Packard Company
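
Added example, not part of the HP manpage or of the HP-UX IPSec product: Python that resolves the effective IKE parameters of two peers from the options documented above, fills in the defaults this page gives, and lists the parameters that must match the remote system but do not. The option strings passed in are constructed input, and the function names are hypothetical.

```python
# Added example: resolve effective IKE parameters and compare two peers.
# Defaults are the ones this page documents for /var/adm/ipsec/.ipsec_profile.
DEFAULTS = {"group": "2", "hash": "MD5", "encryption": "3DES", "life": "28800"}
# Acceptable values as listed under each option on this page.
ALLOWED = {"group": {"1", "2"}, "hash": {"MD5", "SHA1"},
           "encryption": {"DES", "3DES"}}
MUST_MATCH = ("group", "hash", "encryption")  # "must match ... the remote system"


def canonical(flag):
    """Map a flag as typed (-enc, -encryption, -mq, ...) to a parameter name."""
    name = flag.lstrip("-")
    if name in ("group", "hash", "life"):
        return name
    if name in ("enc", "encryption"):      # -enc[ryption]
        return "encryption"
    if name in ("maxqm", "mq"):            # -maxqm|mq
        return "maxqm"
    raise ValueError(f"option not covered by this example: {flag}")


def effective(options):
    """Parse an option string (constructed input) and apply documented defaults."""
    params = dict(DEFAULTS)
    tokens = options.split()
    if len(tokens) % 2:
        raise ValueError("every option needs a value")
    for flag, value in zip(tokens[::2], tokens[1::2]):
        key = canonical(flag)
        if key in ALLOWED and value not in ALLOWED[key]:
            raise ValueError(f"{flag} {value}: not an acceptable value")
        if key == "life" and not 0 <= int(value) <= 4294967295:
            raise ValueError("lifetime_seconds out of range")
        if key == "maxqm" and not 1 <= int(value) <= 255:
            raise ValueError("max_quick_modes out of range")
        params[key] = value
    # max_quick_modes of 1: new IKE SA and DH exchange per IPsec SA (PFS).
    params["pfs"] = params.get("maxqm") == "1"
    return params


def mismatches(local, remote):
    """Return parameters on which the two peers' IKE settings disagree."""
    a, b = effective(local), effective(remote)
    return {k: (a[k], b[k]) for k in MUST_MATCH if a[k] != b[k]}
```

The IKE SA lifetime is left out of the comparison because this page states a matching requirement only for the group, hash and encryption parameters.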