HP-UX IPSec Version A.03.00 Administrator's Guide
double-colon (::) notation within a specified IPv6 address to denote a number of zeros (0) within
an address. The address must be a unicast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must match when comparing
the remote address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in the addresses must
match.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in the addresses must
match.
A prefix length of 0 bits matches all addresses.
Range: 0 - 32 for an IPv4 address; 0 - 128 for an IPv6 address.
Default: 32 if ip_addr is a non-zero IPv4 address, 128 if ip_addr is a non-zero IPv6 address,
or 0 (match any address) if ip_addr is an all-zeros address (0.0.0.0 or 0::0).
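The prefix comparison and default rule described above, as an added example that is not part of the HP guide or the HP-UX IPSec code. The function names are hypothetical, the sample addresses are constructed, and treating an IPv4/IPv6 family mismatch as "no match" is an assumption the guide does not state.

```python
import ipaddress
from typing import Optional


def default_prefix(ip_addr: str) -> int:
    """Default prefix: 32 (IPv4) or 128 (IPv6) for a non-zero address, 0 for all-zeros."""
    addr = ipaddress.ip_address(ip_addr)
    return 0 if int(addr) == 0 else addr.max_prefixlen


def remote_matches(ip_addr: str, remote: str, prefix: Optional[int] = None) -> bool:
    """True if the leading `prefix` bits of `remote` equal those of `ip_addr`."""
    addr = ipaddress.ip_address(ip_addr)
    peer = ipaddress.ip_address(remote)
    if prefix is None:
        prefix = default_prefix(ip_addr)
    # Range from the guide: 0 - 32 for IPv4, 0 - 128 for IPv6.
    if not 0 <= prefix <= addr.max_prefixlen:
        raise ValueError(f"prefix {prefix} out of range for IPv{addr.version}")
    if addr.version != peer.version:
        return False  # assumption: address families are never compared to each other
    shift = addr.max_prefixlen - prefix  # number of trailing bits to ignore
    return (int(addr) >> shift) == (int(peer) >> shift)


def is_overbroad(ip_addr: str, prefix: Optional[int] = None) -> bool:
    """Flag a policy whose address looks specific but whose prefix of 0 matches any peer."""
    if prefix is None:
        prefix = default_prefix(ip_addr)
    return prefix == 0 and int(ipaddress.ip_address(ip_addr)) != 0


if __name__ == "__main__":
    # Constructed sample policies: (ip_addr, prefix or None for the default).
    for ip_addr, prefix in [("10.1.2.3", None), ("10.1.2.0", 24),
                            ("0.0.0.0", None), ("10.1.2.3", 0),
                            ("2001:db8::", 32)]:
        effective = default_prefix(ip_addr) if prefix is None else prefix
        note = "  <-- matches every remote address" if is_overbroad(ip_addr, prefix) else ""
        print(f"{ip_addr}/{effective}{note}")
```

A prefix of 0 on a non-zero address is worth reviewing in any policy audit, because the entry reads as host-specific but applies to all remote systems.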
-group group_number
The group argument specifies the Diffie-Hellman group used to select initial Diffie-Hellman
values. You can specify multiple group_number values, delimited by commas and no spaces,
in descending order of preference. At least one group number must match a Diffie-Hellman
group number configured on the remote system.
HP recommends that you do not use group 1 unless you are required to for compatibility reasons.
For efficiency when negotiating IKE SAs, HP recommends that you specify the group that is
most commonly used in your network first, other than group 1.
Valid Values:
1 (MODP, 768-bit exponent)
2 (MODP, 1024-bit exponent)
5 (MODP, 1536-bit exponent)
14 (MODP, 2048-bit exponent)
Default: The value of the group parameter in the IKEV2Policy-Defaults section of the profile
file used. The default group parameter value is 2 in /var/adm/ipsec/.ipsec_profile.
-hash hash_algorithm
The hash argument specifies the hash algorithm for authenticating IKEv2 messages. You can
specify multiple hash_algorithm values, delimited by commas and no spaces, in descending
order of preference. At least one hash algorithm must match a hash algorithm
configured on the remote system.
Valid Values:
AES-XCBC (96-bit key using Advanced Encryption Standard Extended Cipher Block Chaining
mode Message Authentication Code, AES96-XCBC-MAC)
HMAC-MD5 (128-bit key HMAC using Message Digest 5, HMAC-MD-5)
HMAC-SHA1 (160-bit key HMAC using Secure Hash Algorithm-1, HMAC-SHA1)
Default: The value of the hash parameter in the IKEV2Policy-Defaults section of the profile file
used. The default hash parameter value is HMAC-SHA1 in /var/adm/ipsec/.ipsec_profile.
-encryption encryption_algorithm
The encryption_algorithm is the encryption algorithm for encrypting IKEv2 messages. You
can specify multiple encryption_algorithm values, delimited by commas and no spaces,