HP-UX IPSec Version A.03.00 Administrator's Guide
Banana Configuration
Subnet ESP with Exceptions
Carrot Configuration
Host IPsec Policies
Policy Priority
Authentication Records
IKEv1 Policy
Certificates
Host to Gateway
Blue Configuration
Host IPsec Policy
Tunnel IPsec Policy
Authentication Record
IKEv1 Policy
Autoconfiguration Clients
Server1 Configuration
Host Policy
Authentication Records
IKE Policy
Client Configuration
Host Policy
Authentication Record
IKE Policy
E HP-UX IPSec and HP-UX IPFilter
Using HP-UX IPSec with HP-UX IPFilter
IPsec Packets
Upper Layer Information
IPsec Tunnels and End to Gateway Topologies
Example
F Using Manual Keys
Configuring Manual Key SAs
Manual Key Policy Restrictions
Selecting Encryption Keys
Using the HP-UX Strong Random Number Generator
Manual Key Configuration Example
Dog Configuration
Cat Configuration
Troubleshooting Manual Key Problems
Symptoms
Solutions
SADB_ADD for SPI 0xnnnn returns EEXIST
Invalid SADB_ADD
STREAMS Logging Messages and Additional Audit File Entries
Examining STREAMS Logging Records
Examining Additional Audit Entries
G HP-UX IPSec and Serviceguard
Introduction
Using HP-UX IPSec with Serviceguard
Client Failover Detection