HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

Transform Lifetimes.......................................................................................................................168

HP-UX IPSec Operation......................................................................................................................169

HP-UX IPSec Message Flow for Establishing SAs.........................................................................169

IKE Roles..................................................................................................................................169

IKEv1 IKE SAs..........................................................................................................................169

IKEv1 Main Mode...............................................................................................................170

IKEv1 Aggressive Mode......................................................................................................171

IPsec SAs Negotiated Using IKEv1 Quick Mode................................................................171

IKEv2 IKE and IPsec SA Message Flow...................................................................................172

Components...................................................................................................................................173

Outbound Data Processing............................................................................................................174

Query the Kernel Policy Engine...............................................................................................174

Query the Policy Manager Daemon for a Host Policy.............................................................174

Inbound Data Processing...............................................................................................................175

Processing Inbound Tunnel Packets.........................................................................................175

Establishing IKE and IPsec SAs.....................................................................................................175

Determining the IKE Version...................................................................................................176

IKEv1 Negotiations..................................................................................................................176

IKEv1 Main Mode Negotiations.........................................................................................176

IKEv1 Aggressive Mode Negotiations................................................................................178

IKEv1 Negotiations for IPsec SAs.......................................................................................179

IKEv2 Negotiations..................................................................................................................181

Initiator Sends Message 1....................................................................................................181

Responder Receives Message 1...........................................................................................181

Responder Sends Message 2...............................................................................................181

Initiator Receives Message 2...............................................................................................181

Initiator Sends Message 3....................................................................................................181

Responder Receives Message 3...........................................................................................182

Responder Sends Message 4...............................................................................................182

Initiator Receives Message 4...............................................................................................183

IKE and IPsec SA Proposals...........................................................................................................183

IPsec SA Packet Descriptors..........................................................................................................183

Host Policies.............................................................................................................................183

IKEv1...................................................................................................................................183

IKEv2...................................................................................................................................183

Tunnel Policies..........................................................................................................................184

IKEv1...................................................................................................................................184

IKEv2...................................................................................................................................184

Establishing Tunnel Security Associations....................................................................................184

ICMPv4 Message Processing....................................................................................................184

Syntax..................................................................................................................................185

ICMPv6 Message Processing....................................................................................................185

Syntax..................................................................................................................................186

B Interoperability...........................................................................................................187

Microsoft.............................................................................................................................................188

Versions and Functionalities..........................................................................................................188

Tips.................................................................................................................................................188

Additional Tips for Vista and Windows 2008..........................................................................188

Linux...................................................................................................................................................190

Version and Functionalities...........................................................................................................190

Configuration Example.................................................................................................................190

HP-UX IPSec Configuration.....................................................................................................190

Linux Configuration.................................................................................................................190

Table of Contents 11