HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg_add(1M) ipsec_conﬁg_add(1M)

(HP-UX IPSec Software Required)

numbers.

auth_key

The hexadecimal authentication key (preﬁxed by 0x). The

auth_key value must

match what is conﬁgured on the remote system.

Acceptable values: Hexadecimal digits, preﬁxed by 0x.

Type Default

MD5 32 hexadecimal digits (128 bits)

SHA-1 40 hexadecimal digits (160 bits)

enc_key

The hexadecimal encryption key (preﬁxed by 0x). This is required only for ESP.

The enc_key value must match what is conﬁgured on the remote system.

Acceptable values: Hexadecimal digits, preﬁxed by 0x.

Type Default

DES 16 hexadecimal digits (64 bits)

3DES 48 hexadecimal digits (192 bits)

AES128 32 hexadecimal digits (128 bits)

For DES and 3DES, HP-UX IPSec replaces the eighth bit of each byte with an odd

parity bit. The DES and 3DES algorithms use only the ﬁrst seven bits of each byte

for encryption.

iv Initialization Vector (IV) deﬁnition. Required only for SAs using

DES,

3DES,or

AES128

. Hexadecimal (preﬁxed by 0x), 64-bit initial block used for cipher block

chaining encryption. This must match what is conﬁgured on the remote system.

Range: 64 bits (16 hexadecimal digits), 0x0000000000000000 -

0xFFFFFFFFFFFFFFFF.

Default: 0x0000000000000000.

Examples

The local system (

10.1.1.1) is using a host-to-host tunnel with system

10.2.2.2

. Conﬁgure the tun-

nel to use ESP, with AES128 encryption and HMAC SHA-1 authentication.

ipsec_config add tunnel my_host_host_tunnel \

-tsource 10.1.1.1 -tdestination 10.2.2.2 \

-source 10.1.1.1 -destination 10.2.2.2 \

-action ESP_AES128_HMAC_SHA1

The local system (

3ffe::83ff:fef7:1111

) is a Mobile IPv6 Home Agent for the Mobile Node

3ffe::83ff:fef7:2222

. Conﬁgure the tunnel between the local system (Home Agent) and the

Mobile Node. This tunnel is used when forwarding Mobile IPv6 protocol packets (protocol MH) between

the Mobile Node and Correspondent Nodes. The tunnel uses manual keys for ESP, with AES128 encryp-

tion and HMAC SHA-1 authentication

ipsec_config add tunnel my_mipv6_tunnel \

-tsource 3ffe::83ff:fef7:2222 -tdestination 3ffe::83ff:fef7:1111 \

-source 0::0 -destination 3ffe::83ff:fef7:2222 \

-protocol MH \

-action ESP_AES128_HMAC_SHA1 \

-in ESP/2500010/0x1234567890123456789012345678901234567890\

/0x12345678901234567890123456789012/0x1234567890123456 \

-out ESP/2500011/0x0123456789012345678901234567890123456789\

/0x01234567890123456789012345678901/0x0123456789012345

AUTHOR

ipsec_config_add was developed by HP.

FILES

/var/adm/ipsec/config.db

conﬁguration database.

HP-UX IPSec A.02.01 − 32 − Hewlett-Packard Company 39