HP-UX IPSec version A.02.01 manpages

ipsec_config(1M) ipsec_config(1M)
(HP-UX IPSec Software Required)
EXAMPLES
You have two systems, Apple (10.1.1.1) and Banana (10.2.2.2). Apple and Banana are not multihomed. You want to secure all telnet packets between the two systems using ESP with AES, authenticated with SHA-1. This is a private network, and you will allow all other packets to pass in clear text.
On Apple, you configure:
Two host IPsec policies
One IKE policy
One authentication record
The first host IPsec policy, telnetAB, secures outbound telnet connections (Apple is the telnet client). You
do not need to specify the source argument, since it will default to any IP address and any port, and the
telnet client port number is dynamically allocated. The second policy, telnetBA, secures inbound telnet
connections (Apple is the telnet server).
    ipsec_config add host telnetAB -destination 10.2.2.2/32/TELNET \
        -priority 20 -action ESP_AES128_HMAC_SHA1
    ipsec_config add host telnetBA -source 10.1.1.1/32/TELNET \
        -destination 10.2.2.2 \
        -priority 30 -action ESP_AES128_HMAC_SHA1
The IKE policy specifies that IKE uses preshared key authentication to 10.2.2.2 (Banana):
    ipsec_config add ike banana -remote 10.2.2.2 -authentication psk
The authentication record specifies the preshared key value used with 10.2.2.2 (Banana):
    ipsec_config add auth banana -remote 10.2.2.2 \
        -preshared apple_banana_key
The configuration on Banana is the mirror image of the configuration on Apple:
    ipsec_config add host telnetAB -source 10.2.2.2/32/TELNET \
        -destination 10.1.1.1 \
        -priority 20 -action ESP_AES128_HMAC_SHA1
    ipsec_config add host telnetBA -destination 10.1.1.1/32/TELNET \
        -priority 30 -action ESP_AES128_HMAC_SHA1
    ipsec_config add ike apple -remote 10.1.1.1 -authentication psk
    ipsec_config add auth apple -remote 10.1.1.1 \
        -preshared apple_banana_key
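
The mirror-image relationship between the two configurations, as an added example that is not part of the HP manpage: a shell function that prints the ipsec_config commands for either end from a single definition, so the two sides cannot drift apart. The names peer_config and is_ipv4 and the role labels first/second are assumptions of this example; only the ipsec_config options shown above are used, and the commands are printed, not executed.

```shell
#!/bin/sh
# Added example (not from the manpage): print the ipsec_config commands for
# one end of the mirrored telnet policy pair. Nothing is executed.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# peer_config ROLE LOCAL_IP REMOTE_IP REMOTE_NAME KEY
#   ROLE "first"  = the system configured like Apple above
#   ROLE "second" = its mirror image (Banana)
peer_config() {
    role=$1 local_ip=$2 remote_ip=$3 remote_name=$4 key=$5
    is_ipv4 "$local_ip" && is_ipv4 "$remote_ip" || {
        echo "peer_config: bad IPv4 address" >&2; return 1; }
    # Client side: source is omitted and defaults to any address and port.
    client="-destination $remote_ip/32/TELNET"
    # Server side: the local telnet port is the source selector.
    server="-source $local_ip/32/TELNET -destination $remote_ip"
    case $role in
        first)  ab=$client ba=$server ;;
        second) ab=$server ba=$client ;;
        *) echo "peer_config: role must be first or second" >&2; return 1 ;;
    esac
    action=ESP_AES128_HMAC_SHA1
    echo "ipsec_config add host telnetAB $ab -priority 20 -action $action"
    echo "ipsec_config add host telnetBA $ba -priority 30 -action $action"
    echo "ipsec_config add ike $remote_name -remote $remote_ip -authentication psk"
    echo "ipsec_config add auth $remote_name -remote $remote_ip -preshared $key"
}

# Both ends generated from one definition, using the page's sample values.
if [ "${1:-}" = demo ]; then
    peer_config first  10.1.1.1 10.2.2.2 banana apple_banana_key
    peer_config second 10.2.2.2 10.1.1.1 apple  apple_banana_key
fi
```

Run with the argument demo to print both configurations; each command is emitted on one line instead of using backslash continuations.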
AUTHOR
ipsec_config was developed by HP.
FILES
/var/adm/ipsec/config.db
    configuration database.
/var/adm/ipsec/.ipsec_profile
    default ipsec_config profile file.
SEE ALSO
ipsec_admin(1M), ipsec_config_add(1M), ipsec_config_batch(1M), ipsec_config_delete(1M),
ipsec_config_export(1M), ipsec_config_show(1M), ipsec_migrate(1M), ipsec_policy(1M), ipsec_report(1M).
HP-UX IPSec A.02.01    Hewlett-Packard Company