HP-UX IPSec Version A.03.00 Administrator's Guide

Configuration Overview
  Requirements
    Serviceguard Heartbeat Requirement and Recommendation
  Configuration Steps
Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard
  Overview
  Determining Serviceguard Cluster Information
  Configuring Host IPsec Policies for Package Addresses
  Configuring PASS Host IPsec Policies for Intracluster Messages
    Private Dedicated Heartbeat Networks
  Configuring Host IPsec Policies for External Access
    Serviceguard Quorum Server
      Cluster Node IPsec Policies for Quorum Server
      Quorum Server IPsec Policies
    Remote Command Execution
      Cluster Node IPsec Policies for Remote Command Execution
      Remote Command Client Host IPsec Policies
    Serviceguard Manager Plug-in Version
      Cluster Node Host IPsec Policies for Serviceguard Manager Plug-in Version
      SMH Management Station Host IPsec Policies
    Serviceguard Manager Standalone Version
      Cluster Node Host IPsec Policies for Serviceguard Manager Standalone Version
      Standalone Serviceguard Manager Host IPsec Policies
    WBEM Access
      Cluster Node Host IPsec Policies for Secure WBEM Access
      Cluster Node Host IPsec Policies for Non-Secure WBEM Access
      Secure WBEM Client Host IPsec Policies
      Non-Secure WBEM Client Host IPsec Policies
    Cluster Object Manager (COM)
      Cluster Node Host IPsec Policies for COM
      COM System Host IPsec Policies
    Consolidated Log (clog)
      Cluster Node Host IPsec Policies for Consolidated Log
      SMH Management Station Host IPsec Policies
  Summary: Serviceguard Port Numbers and Protocols
Step 2: Configuring HP-UX IPSec IKE policies
  Cluster IKE policies
  Cluster Client IKE policies
Step 3: Configuring Authentication Records for Preshared Keys
  Preshared Key Configuration on Cluster Nodes
  Preshared Key Configuration on Client Nodes
  Example
    Authentication Records on Cluster Nodes
    Authentication Records on Client1
    Authentication Records on Client2
    Preshared Keys Configuration on Cluster Nodes
    Preshared Keys Configuration on Client1
    Preshared Keys Configuration on Client2
Step 4: Configuring Authentication Records for Certificates
  Certificates
  Authentication Records and IKE ID Information
    Cluster Node
    Cluster Clients
  Example
    Authentication Records on Cluster Nodes