HP-UX IPSec version A.02.01 manpages
ipsec_config_add(1M) ipsec_config_add(1M)
(HP-UX IPSec Software Required)
NAME
ipsec_config_add - add HP-UX IPSec configuration objects in the HP-UX IPSec configuration database
SYNOPSIS
ipsec_config add object_type argument_list
DESCRIPTION
The ipsec_config add command configures objects in the database. The following ipsec_config add
commands are described in more detail in the Options and Operands section below.
add auth
    Configure authentication records, which specify IKE identities and preshared keys.
add bypass
    Configure entries in the HP-UX IPSec bypass list.
add cert
    Add a certificate for the local system to the HP-UX IPSec storage scheme.
add crl
    Add a Certificate Revocation List (CRL) to the HP-UX IPSec storage scheme.
add csr
    Create a Certificate Signing Request (CSR) for the local system.
add gateway
    Configure gateway IPsec policies for HP-UX Mobile IPv6 Home Agents.
add host
    Configure host IPsec policies.
add ike
    Configure Internet Key Exchange (IKE) policies.
add startup
    Specify general operating parameters, including the option to automatically start HP-UX
    IPSec at system boot-up time.
add tunnel
    Configure tunnel IPsec policies.
Options and Operands
IPSEC_CONFIG ADD AUTH COMMAND
Name
add auth - configure authentication records, which specify IKE identity and preshared keys
Synopsis
ipsec_config add auth auth_name [-nocommit|nc] -rem[ote] ip_address[/prefix]
    [-x|exchange AM|MM] [-ltype local_id_type -lid local_id]
    [-rtype remote_id_type -rid remote_id] [-preshared|psk preshared_key]
Description
Authentication records contain preshared key and IKE identification information. You must configure
authentication records in the following topologies:
• Topologies that use preshared keys for IKE authentication.
• Topologies that use Aggressive Mode for IKE Phase 1 negotiations.
• Topologies that use security certificates and RSA signatures (RSASIG) with multi-homed systems
(local or remote).
• Topologies that use security certificates and RSA signatures (RSASIG) with remote systems that
do not use IP addresses for IKE IDs. (HP-UX systems use IP addresses for IKE IDs by default.)
You do not have to configure authentication records in the following topologies:
• Topologies that use only manual keys.
• Topologies that use only security certificates and RSA signatures (RSASIG) for IKE
authentication, and the local and remote systems are not multi-homed, use Main Mode, and use
IPv4 or IPv6 addresses for the IKE ID type.
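The following shell function is an added example, not part of the HP-UX manpage or product: it checks an argument list against the add auth synopsis above (required -remote, exchange limited to AM or MM, ID type and ID value given together) before the list is passed to ipsec_config. The name check_auth_args is hypothetical, and reading "-x|exchange", "-preshared|psk" and "-nocommit|nc" as alternative option spellings is an assumption.

```shell
#!/bin/sh
# check_auth_args: hypothetical pre-flight check for `ipsec_config add auth`
# arguments. It only validates; it never runs ipsec_config.
# Assumption: option pairs in the synopsis are alternative spellings
# (-x / -exchange, -preshared / -psk, -nocommit / -nc, -rem / -remote).
check_auth_args() {
    [ $# -ge 1 ] || { echo "auth_name is required" >&2; return 1; }
    case $1 in -*) echo "auth_name must come first" >&2; return 1;; esac
    name=$1; shift
    remote= exch= ltype= lid= rtype= rid= psk=
    while [ $# -gt 0 ]; do
        opt=$1
        # -nocommit takes no value in the synopsis
        case $opt in -nocommit|-nc) shift; continue;; esac
        [ $# -ge 2 ] || { echo "$opt needs a value" >&2; return 1; }
        val=$2; shift 2
        case $opt in
            -rem|-remote)    remote=$val;;
            -x|-exchange)    exch=$val;;
            -ltype)          ltype=$val;;
            -lid)            lid=$val;;
            -rtype)          rtype=$val;;
            -rid)            rid=$val;;
            -preshared|-psk) psk=$val;;
            *) echo "unknown option $opt" >&2; return 1;;
        esac
    done
    # -rem[ote] is the only operand outside brackets besides auth_name
    [ -n "$remote" ] || { echo "-remote ip_address is required" >&2; return 1; }
    # The synopsis allows exactly AM or MM after -x|exchange
    case $exch in ''|AM|MM) ;; *) echo "exchange must be AM or MM" >&2; return 1;; esac
    # [-ltype ... -lid ...] and [-rtype ... -rid ...] are bracketed as pairs
    if [ -n "$ltype$lid" ] && { [ -z "$ltype" ] || [ -z "$lid" ]; }; then
        echo "-ltype and -lid must be given together" >&2; return 1
    fi
    if [ -n "$rtype$rid" ] && { [ -z "$rtype" ] || [ -z "$rid" ]; }; then
        echo "-rtype and -rid must be given together" >&2; return 1
    fi
    # Report whether a key was supplied without echoing the key itself
    psk=${psk:+set}
    echo "auth=$name remote=$remote exchange=$exch psk=${psk:-unset}"
}
```

The summary line deliberately omits the preshared key value so that the check can be logged.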
8 Hewlett-Packard Company − 1 − HP-UX IPSec A.02.01