HP-UX IPSec Version A.03.00 Administrator's Guide

About This Document
This document describes how to install, configure, and troubleshoot HP-UX IPSec.
The latest version of this document can be found online at http://docs.hp.com.
Intended Audience
This document is intended for system and network administrators responsible for installing,
configuring, and managing HP-UX IPSec. Administrators are expected to have knowledge of
HP-UX and networking concepts, commands, and configuration.
This document is not a tutorial.
New and Changed Documentation in This Edition
The documentation reflects the following changes to the HP-UX IPSec product:
“IKE Policy Changes” (page 20)
“Support for IKE Version 2” (page 20)
“IKEv1 and IKEv2 Policies Replace IKE Policies” (page 20)
“default IKEv1 and IKEv2 Policies” (page 20)
“The ipsec_config add ike Command Is Deprecated” (page 20)
“IKE DES Encryption Is Obsolete” (page 20)
“IKEv1 Perfect Forward Secrecy with Keys Only” (page 21)
“IKE Support for Multiple Hash, Encryption, and Group Values” (page 21)
“IKE Support for Diffie-Hellman Groups 5 and 14” (page 21)
“IKE Support for AES128-CBC Encryption” (page 21)
“Authentication Record Changes” (page 21)
“Authentication Records Are Mandatory” (page 21)
“Authentication Records Specify the IKE (Key Management Protocol) Version” (page 22)
“Authentication Records Include a Priority Value” (page 21)
“Authentication Records Support the AUTOCONF Flag” (page 22)
“Authentication Records Support Subtrees and Address Ranges for Remote ID Matching” (page 22)
“Hexadecimal Storage for Preshared Key Values Starting with 0x” (page 22)
“Host and Tunnel Policy Changes” (page 22)
“Nested Transforms and DES Transforms Are Obsolete” (page 22)
“Support for Fallback to Clear in Host Policies” (page 22)
“Support for Multiple Source and Destination Arguments in Host and Tunnel Policies” (page 23)
“Support for IP Address Ranges in Tunnel Policies” (page 23)
“Support for IP Address and Port Number Ranges in Host Policies” (page 23)
“Port Numbers and Services Are Ignored in Tunnel Policies” (page 23)
“Support for ICMPv4 and ICMPv6 Type Codes in Host Policies” (page 23)
“Certificate Changes” (page 23)
“The ipsec_config add cert Command is Deprecated” (page 23)
“Support for 4096 Bit Key Pairs for Certificates” (page 24)
“Support for PKCS#12 Certificates” (page 24)
“Certificate Retrieval from LDAP Directories” (page 24)