HP-UX IPSec Version A.03.00 Administrator's Guide
:
:
### Transport Mode Settings ###
# Your IP Address
MY_IPADDRESS "10.0.0.64";
# Peer's IP Address
PEERS_IPADDRESS "10.0.0.11";
:
:
};
default.conf File
The default.conf file installed with Racoon2 is used without modifications.
Configuration Example: IKEv2 Using Preshared Keys
The following configuration data is for an IKEv2 topology using preshared keys for end-to-end
IPsec SAs.
The address for the FreeBSD 6.3 system is 10.0.0.65. The address for the HP-UX system is 10.0.0.11.
HP-UX IPSec Configuration
The ipsec_config batch file contains the following entries:
add host Bsd65 \
-src 10.0.0.11 -dst 10.0.0.65 -protocol all \
-action ESP_AES128_HMAC_SHA1
add ikev2 Bsd65 -rem 10.0.0.65 \
-group 2 -hash sha1 -enc 3des
add auth Bsd63Psk -rem 10.0.0.65 \
-kmp IKEV2 -psk myKey65
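An added example, not part of the HP guide: a Python check over the batch entries above that each host policy's destination has an ikev2 record and an IKEV2 auth record for the same remote address, and that reports IKE parameters this example treats as legacy. It relies only on the option names shown above; pairing records by remote address and the legacy list are assumptions of the example.

```python
import shlex

# Constructed sample: the ipsec_config batch entries shown above.
BATCH = r"""
add host Bsd65 \
 -src 10.0.0.11 -dst 10.0.0.65 -protocol all \
 -action ESP_AES128_HMAC_SHA1
add ikev2 Bsd65 -rem 10.0.0.65 \
 -group 2 -hash sha1 -enc 3des
add auth Bsd63Psk -rem 10.0.0.65 \
 -kmp IKEV2 -psk myKey65
"""

# Assumption of this example: values treated as legacy for review purposes.
LEGACY = {"-enc": {"3des", "des"}, "-hash": {"md5", "sha1"}, "-group": {"1", "2"}}

def parse_batch(text):
    """Join backslash-continued lines and return one dict per 'add' record."""
    records = []
    for line in text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 3 or tok[0] != "add":
            continue
        opts = dict(zip(tok[3::2], tok[4::2]))  # every option shown takes one value
        records.append({"type": tok[1], "name": tok[2], "opts": opts})
    return records

def check(records):
    """Return findings: peers lacking a matching ikev2/auth record, legacy values."""
    findings, by_type = [], {}
    for r in records:
        by_type.setdefault(r["type"], []).append(r)
    for host in by_type.get("host", []):
        peer = host["opts"].get("-dst")
        ike = [r for r in by_type.get("ikev2", []) if r["opts"].get("-rem") == peer]
        auth = [r for r in by_type.get("auth", [])
                if r["opts"].get("-rem") == peer and r["opts"].get("-kmp") == "IKEV2"]
        if not ike:
            findings.append(f"{host['name']}: no ikev2 record for peer {peer}")
        if not auth:
            findings.append(f"{host['name']}: no IKEV2 auth record for peer {peer}")
        for r in ike:
            for opt, bad in LEGACY.items():
                if r["opts"].get(opt, "").lower() in bad:
                    findings.append(f"{r['name']}: legacy {opt} {r['opts'][opt]}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_batch(BATCH))) or "no findings")
```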
Racoon2 Configuration
The following Racoon2 configuration files are located in the /usr/local/racoon2/etc/racoon
directory.
• racoon2.conf
• transport_ike.conf
• vals.conf
• default.conf
• test.psk (in the /usr/local/racoon2/etc/racoon/psk subdirectory)
racoon2.conf File
The racoon2.conf file has the same contents as the file used for IKEv1 with preshared keys.
See “racoon2.conf File” (page 192).
transport_ike.conf File
The transport_ike.conf file has the same contents as the file used for IKEv1 with preshared
keys, as shown in “transport_ike.conf File” (page 193), except for the remote ike_trans_remote
section. To use IKEv2, the remote ike_trans_remote section has the following contents:
remote ike_trans_remote {
acceptable_kmp { ikev2; };
ikev2 {
my_id ipaddr "${MY_IPADDRESS}";