HP-UX IPSec version A.02.01 manpages
ipsec_config(1M) ipsec_config(1M)
(HP-UX IPSec Software Required)
gateway   Gateway IPsec policies, which specify HP-UX IPSec behavior for
          processing IP packets when the local system is a gateway. Use this
          option only when the local system is an HP-UX Mobile IPv6 Home Agent.
host      Host IPsec policies, which specify HP-UX IPSec behavior for
          processing IP packets when the local system is an end host.
ike       IKE policies
startup   General operating parameters, including the option to automatically
          start HP-UX IPSec at system boot-up time.
tunnel    Tunnel IPsec policies, which specify IPsec tunnel transform
          parameters.
Configuring Objects
In most HP-UX IPSec topologies, you must configure the following objects:
• Host IPsec policies
• IKE policies
• Authentication records (for preshared keys and IKE ID information)
HP recommends that you use the following procedure to configure HP-UX IPSec:
1. Create a batch file to configure IPsec policies, IKE policies, and authentication information. If
   you want to configure host-to-host IPsec policies and use IKE with preshared keys for IKE
   authentication, create a batch file to contain the following statements:
       add host
       add ike
       add auth
   See the command subsection in ipsec_config_add(1M) for syntax and usage information.
   If you are using HP-UX IPSec with certificates (RSA signatures) for IKE authentication, you
   must also use the following ipsec_config commands to configure certificates:
       ipsec_config add cert
       ipsec_config add crl
       ipsec_config add csr
   You must enter the above commands at the command-line prompt. (You cannot specify them in
   an ipsec_config batch file.)
2. Test the syntax of your batch file by entering the following command:
       ipsec_config batch batch_file -nocommit
   The nocommit option verifies the syntax without adding objects to the database.
3. If the syntax is correct, add the configuration information to the configuration database by
   entering the following command:
       ipsec_config batch batch_file
4. Start and verify HP-UX IPSec. Use the following command to start HP-UX IPSec:
       ipsec_admin -start
   Generate network traffic that uses IPsec. Use the following command to verify operation:
       ipsec_report -sa
   Verify that HP-UX IPSec has created Security Associations (SAs) with the appropriate systems.
5. Use the ipsec_config add startup command to configure HP-UX IPSec to automatically start at
   system boot-up time.
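Steps 2 and 3 above can be wrapped so that a batch file is committed only after it passes the nocommit check. The script below is an added example, not part of the HP manpage. It assumes that ipsec_config returns a non-zero exit status on a syntax error and that a batch file with add auth statements may hold preshared keys and should therefore be accessible to its owner only. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate-then-commit wrapper for an ipsec_config batch file.
# Assumptions (not stated in the manpage): ipsec_config exits non-zero when
# the batch file fails the syntax check, and the batch file may contain
# preshared keys, so group/other access is treated as an error.

# Return 0 only if the file grants no permissions to group or other.
# Uses ls rather than stat so that it works with a plain POSIX toolset.
batch_file_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits, e.g. "------"
    [ "$perms" = "------" ]
}

# Step 2 (syntax check with -nocommit), then step 3 (commit) only on success.
# Return codes: 2 = file missing, 3 = file too permissive,
#               4 = syntax check failed, otherwise the commit's own status.
apply_batch() {
    batch=$1
    [ -f "$batch" ] || {
        echo "no such batch file: $batch" >&2
        return 2
    }
    batch_file_is_private "$batch" || {
        echo "refusing $batch: accessible by group/other" >&2
        return 3
    }
    ipsec_config batch "$batch" -nocommit || {
        echo "syntax check failed; configuration database unchanged" >&2
        return 4
    }
    ipsec_config batch "$batch"
}

# Run only when a batch file is named on the command line.
if [ "$#" -gt 0 ]; then
    apply_batch "$1" &&
        echo "committed; continue with step 4 (ipsec_admin -start, ipsec_report -sa)"
fi
```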
ipsec_config Help
The ipsec_config help command displays help and usage information for the HP-UX IPSec config
operations. Use the following syntax to access help:
    ipsec_config help [operation [option_type]]
Hewlett-Packard Company HP-UX IPSec A.02.01