HP-UX IPSec Version A.03.00 Administrator's Guide

# Endpoints the racoon2 daemons listen on or connect to.
interface
{
# IKE daemon socket: the address(es) denoted by MY_IP, port 500.
# NOTE(review): MY_IP is not defined in this excerpt; confirm what it resolves to.
ike {
MY_IP port 500;
};
# Local UNIX-domain socket used to talk to spmd.
spmd {
unix "/var/run/racoon2/spmif";
};
# Path of the file holding the password for the spmd interface.
# This file is a credential: keep it owned by root and not readable or
# writable by other users, and restrict access to the socket directory too.
spmd_password "/usr/local/racoon2/etc/racoon2/spmd.pwd";
};
# Resolver section: the resolver function is switched off in this example.
resolver
{
resolver off;
};
# Pull in the shared defaults first, then the transport-mode IKE definitions
# listed below. Included files carry policy and key-file paths, so they should
# be writable only by the administrator account that owns this file.
include "/usr/local/racoon2/etc/racoon2/default.conf";
include "/usr/local/racoon2/etc/racoon2/transport_ike.conf";
transport_ike.conf File
The contents of the transport_ike.conf file are as follows:
#########################
## /usr/local/racoon2/etc/racoon2/transport_ike.conf
# Peer definition: how to negotiate IKE with the remote host.
remote ike_trans_remote {
# Only IKEv1 is accepted as the key-management protocol for this peer.
# IKEv1 is a legacy protocol; prefer IKEv2 where both ends support it.
acceptable_kmp { ikev1; };
ikev1 {
# Both identities are expressed as IP addresses.
# NOTE(review): ${MY_IPADDRESS} and ${PEERS_IPADDRESS} are set outside this
# excerpt; confirm where they are defined.
my_id ipaddr "${MY_IPADDRESS}";
peers_id ipaddr "${PEERS_IPADDRESS}";
peers_ipaddr "${PEERS_IPADDRESS}" port 500;
# IKE (phase 1) proposal: 3DES-CBC, SHA-1, 1024-bit MODP group.
# These are legacy-strength choices; the 1024-bit group in particular is
# below current recommendations. The peer must offer a matching proposal,
# so if both ends support stronger algorithms, change both sides together.
kmp_enc_alg { 3des_cbc; };
kmp_hash_alg { sha1; };
kmp_dh_group { modp1024; };
## Use Preshared Key
# Authentication relies entirely on the shared secret: use a long, random
# key that is unique to this peer pair.
kmp_auth_method { psk; };
# Path of the file that holds the pre-shared key. Keep the file and its
# directory readable only by root.
# NOTE(review): ${PSKDIR} and ${PRESHRD_KEY} are defined outside this excerpt.
pre_shared_key "${PSKDIR}/${PRESHRD_KEY}";
};
# Associates this peer with the inbound selector; the trailing "};" closes
# the remote block.
selector_index ike_trans_sel_in; };
# Outbound selector: traffic from the local address to the peer address.
selector ike_trans_sel_out {
direction outbound;
src "${MY_IPADDRESS}";
dst "${PEERS_IPADDRESS}";
# "any" matches every upper-layer protocol between the two hosts, so all
# traffic between them falls under the policy named below.
upper_layer_protocol "any";
policy_index ike_trans_policy;
};
# Inbound selector: the mirror of ike_trans_sel_out (peer address to the
# local address), bound to the same policy so both directions are covered.
selector ike_trans_sel_in {
direction inbound;
dst "${MY_IPADDRESS}";
src "${PEERS_IPADDRESS}";
# "any" matches every upper-layer protocol between the two hosts.
upper_layer_protocol "any";
policy_index ike_trans_policy;
};
# Policy applied to traffic matched by both selectors.
policy ike_trans_policy {
# SAs are negotiated automatically through the key-management daemon,
# using the peer definition named by remote_index.
action auto_ipsec;
remote_index ike_trans_remote;
# Transport mode: host-to-host protection, no tunnel encapsulation.
ipsec_mode transport;
# NOTE(review): ipsec_esp is not defined in this file; presumably it comes
# from default.conf. Check the ESP algorithms chosen there as well.
ipsec_index { ipsec_esp; };
# NOTE(review): "require" is understood to make IPsec mandatory for matching
# traffic rather than best-effort; confirm against the racoon2 documentation.
ipsec_level require;
};
FreeBSD 193