HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_add(1M) ipsec_conﬁg_add(1M)

(HP-UX IPSec Software Required)

Default: 100.

Examples

Conﬁgure an IKE policy that speciﬁes RSA signature (security certiﬁcate) for IKE authentication and

Oakley Group 2 (1024-bit exponent).

ipsec_config add ike apple -remote 10.1.1.1 -pri 10 -auth RSASIG -group 2

Conﬁgure an IKE policy for all other system in the local network (

10.*.*.*) that speciﬁes preshared

keys for IKE authentication:

ipsec_config add ike all_others -remote 10.0.0.0/8 -pri 100 -auth PSK

IPSEC_CONFIG ADD STARTUP COMMAND

Name

add startup

- specify general operating parameters and conﬁgure HP-UX IPSec to automatically start

at system boot-up

Synopsis

ipsec_config add start

[up

]

[

-auto[

boot]

ON|OFF

]

[

-auditlvl|

al audit_level ]

[

-auditdir|

ad audit_directory]

[

-maxsize|ms

max_size]

[

-spi_min spi_min_value]

[-spi_max spi_max_value]

[

-spd_soft spd_soft_limit]

[

-spd_hard spd_hard_limit]

Description

Use the

ipsec_config add startup

command to specify general operating parameters and to

conﬁgure HP-UX IPSec to automatically start at system boot-up time. The general operating parameters

will be used when HP-UX IPSec is started at boot-up time or when the

ipsec_admin -start com-

mand is entered. (If you change the general operating parameters, the changes do not take effect until

the next time HP-UX IPSec starts.) Administrators can override the conﬁgured general operating param-

eters using arguments in the

ipsec_admin -start command line.

Options and Operands

The

ipsec_config add startup

command recognizes the following options and operands:

-auto[boot

] ON|OFF

Conﬁgure HP-UX to automatically at system boot-up time.

Acceptable values:

OFF

(HP-UX IPSec does not automatically start at boot-up time) or

(HP-UX IPSec automatically starts at boot-up time).

Default: The value of the

-autoboot parameter in the

StartUp-Defaults

section of the

proﬁle ﬁle used. The default

-autoboot

value is OFF in

/var/adm/ipsec/.ipsec_profile

-auditlvl

|al audit_level

Speciﬁes the audit level for the HP-UX IPSec subsystem. Valid audit levels are listed below, in

ascending order:

ALERT

ERROR

WARN[

ING]

INFO[RMATIVE]

DEBUG

Higher audit levels include all lower levels.

Default: If you do not specify audit_level , the default is the level speciﬁed for the audit

parameter in the

StartUp-Defaults section of the proﬁle ﬁle used . The default audit

level is ERROR, which includes ALERT in /var/adm/ipsec/.ipsec_profile.

Refer to ipsec_admin (1M) for descriptions of the audit levels.

32 Hewlett-Packard Company − 25 − HP-UX IPSec A.02.01