HP-UX IPSec version A.02.01 manpages

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ipsec_conﬁg(1M) ipsec_conﬁg(1M)

(HP-UX IPSec Software Required)

NAME

ipsec_conﬁg - add, delete, export, and show HP-UX IPSec conﬁguration objects in the HP-UX IPSec

conﬁguration database

SYNOPSIS

ipsec_config add

object_type argument_list

ipsec_config batch

argument_list

ipsec_config delete

object_type argument_list

ipsec_config export -o

outﬁle [

-s source_file

]

ipsec_config help

[operation [object_type ]]

ipsec_config show

object_type argument_list

DESCRIPTION

The

ipsec_config command adds, deletes, exports, and shows HP-UX IPSec conﬁguration objects in

the HP-UX IPSec conﬁguration database,

/var/adm/ipsec/config.db

. If HP-UX IPSec is active

and running,

ipsec_config

also updates the HP-UX runtime IPSec policy database and runtime IKE

information (IKE policies and authentication records).

You must be superuser to run

ipsec_config.

The

ipsec_config utility can operate in command-line mode or batch mode. In command-line mode,

ipsec_config

reads all input from the command line. In batch mode,

ipsec_config reads add and

delete operations from a ﬁle. Batch mode allows administrators to add and delete multiple conﬁguration

objects in one operation. HP-UX IPSec processes the operations in a batch ﬁle as a group. Batch mode is

useful if you are adding or deleting conﬁguration records that may affect other records.

HP recommends that you use a batch ﬁle to add conﬁguration information. A batch ﬁle provides a per-

manent record of the conﬁguration data and can be used to re-create the conﬁguration database.

Separate

ipsec_config command arguments using whitespace (blanks, tabs or newlines). Use a

backslash (\) line continuation character to continue command input on subsequent lines.

Operations and Object Types

The

ipsec_config command supports the following operations:

add

object_type

See ipsec_conﬁg_add(1M) for more information.

batch

See ipsec_conﬁg_add(1M) for more information.

delete object_type

See ipsec_conﬁg_delete (1M) for more information.

export file

See ipsec_conﬁg_export (1M) for more information.

help

See Ipsec_conﬁg Help for more information.

show object_type

See ipsec_conﬁg_show(1M) for more information.

object_type can be one of the following:

auth Authentication records, which specify Internet Key Exchange (IKE) identity infor-

mation and preshared keys.

bypass Bypass addresses.

cert X.509 security certiﬁcates, used for IKE authentication with RSA signatures.

crl Certiﬁcate Revocation List (CRL). A CRL contains a list of revoked X.509 security

certiﬁcates. If you have a CRL, HP-UX IPSec check it during the IKE authentica-

tion process to verify that the remote system’s security certiﬁcate is valid (not

revoked).

csr Certiﬁcate Signing Request (CSR), which the HP-UX IPSec administrator can sub-

mit to a Certiﬁcate Authority (CA) to request a signed X.509 security certiﬁcate.

HP-UX IPSec A.02.01 − 1 − Hewlett-Packard Company 5