HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
value for protocol is ALL in /var/adm/ipsec/.ipsec_profile.
-act[ion] transform_list
A transform specifies the IPsec authentication and encryption applied to packets using AH
(Authentication Header) and ESP (Encapsulating Security Payload) headers. A transform_list
specifies the transforms acceptable for packets using the policy. The HP-UX IPSec IKE daemon
proposes the transform_list when negotiating the transform for IPsec Security Associations
(SAs) with a remote system.
The transforms in the transform_list of a tunnel policy are tunnel transforms applied to
packets encapsulated between the tunnel endpoints.
If you are using manual keys, the transform list can contain only one transform.
If you are using dynamic keys, the transform_list can contain:
• up to 8 ESP transforms
• up to 2 AH transforms
• 1 nested AH and ESP transform (ESP nested inside AH)
Use a comma to separate multiple transform specifications.
The order of transforms in the transform list is significant. The first transform is the most
preferable and the last transform is the least preferable. At least one transform must match a
transform configured on the remote system.
Default: The transform defined for the action parameter in the TunnelPolicy-Defaults
section of the profile file used. The default action is ESP_AES128_HMAC_SHA1 in
/var/adm/ipsec/.ipsec_profile.
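The following pre-check for a transform_list is an added example, not part of the HP-UX IPSec software or this manpage. It applies the transform_name[/lifetime_seconds[/lifetime_kbytes]] format and the count limits stated in this entry; the function names, the assumption that a nested transform names AH first, and the single-DES note are the example's own, and it knows only the transform names visible in this section.

```python
# Added example: pre-check a -action transform_list against the limits in this entry.
# AH/ESP hold only the names visible in this section (the full manpage may define more).
AH = {"AH_MD5", "AH_SHA1"}
ESP = {"ESP_3DES_HMAC_MD5", "ESP_3DES_HMAC_SHA1", "ESP_AES128_HMAC_MD5",
       "ESP_AES128_HMAC_SHA1", "ESP_DES_HMAC_MD5", "ESP_DES_HMAC_SHA1"}
LIMITS = {"ESP": 8, "AH": 2, "AH+ESP": 1}  # dynamic-key limits from the manpage


def parse_transform(spec):
    """Split transform_name[/lifetime_seconds[/lifetime_kbytes]] into a tuple."""
    name, *lifetimes = spec.strip().split("/")
    if len(lifetimes) > 2 or not all(v.isdigit() for v in lifetimes):
        raise ValueError(f"bad lifetime fields in {spec!r}")
    parts = name.split("+")
    if len(parts) == 1 and name in AH:
        kind = "AH"
    elif len(parts) == 1 and name in ESP:
        kind = "ESP"
    elif len(parts) == 2 and parts[0] in AH and parts[1] in ESP:
        kind = "AH+ESP"  # assumption: AH is named first, as in the manpage example
    else:
        raise ValueError(f"unknown transform {name!r}")
    return kind, name, [int(v) for v in lifetimes]


def check_transform_list(transform_list, manual_keys=False):
    """Return (parsed transforms in preference order, list of problems)."""
    specs = transform_list.split(",")
    parsed, problems = [], []
    for spec in specs:
        try:
            parsed.append(parse_transform(spec))
        except ValueError as exc:
            problems.append(str(exc))
    if manual_keys and len(specs) != 1:
        problems.append("manual keys allow only one transform")
    for kind, limit in LIMITS.items():
        count = sum(1 for k, _, _ in parsed if k == kind)
        if count > limit:
            problems.append(f"{count} {kind} transforms, limit is {limit}")
    # Review aid, not a manpage rule: single DES has only a 56-bit key.
    for _, name, _ in parsed:
        if "ESP_DES_" in name:
            problems.append(f"note: {name} uses 56-bit DES, weaker than the AES128 default")
    return parsed, problems
```

The first element of the returned list is the most preferred transform, matching the ordering rule above.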
The format for each transform is:
transform_name[/lifetime_seconds[/lifetime_kbytes]]
where the following values are defined:
transform_name
One of the following AH (Authentication Header) or ESP (Encapsulating Security
Payload) transform specifications, or a nested AH and ESP transform formed by
joining an AH transform and an ESP transform with a plus sign (+), for example,
AH_MD5+ESP_3DES_HMAC_MD5.
AH_MD5
(AH, with 128-bit key Hashed Message Authentication Code using RSA Message Digest-5,
HMAC-MD5.)
AH_SHA1
(AH, with 160-bit key HMAC using Secure Hash Algorithm-1, HMAC-SHA1.)
ESP_3DES_HMAC_MD5
(ESP with triple-DES CBC, three encryption iterations, each with a different 56-bit key,
3DES-CBC, authenticated with HMAC-MD5.)
ESP_3DES_HMAC_SHA1
(ESP with triple-DES CBC, three encryption iterations, each with a different 56-bit key,
3DES-CBC, authenticated with HMAC-SHA1.)
ESP_AES128_HMAC_MD5
(ESP with 128-bit Advanced Encryption Standard CBC, authenticated with HMAC-MD5.)
ESP_AES128_HMAC_SHA1
(ESP with 128-bit Advanced Encryption Standard CBC, authenticated with HMAC-SHA1.)
ESP_DES_HMAC_MD5
(ESP with 56-bit Data Encryption Standard, Cipher Block Chaining Mode, authenticated
with HMAC-MD5.)
ESP_DES_HMAC_SHA1
(ESP with 56-bit Data Encryption Standard, Cipher Block Chaining