HP-UX IPSec Version A.03.00 Administrator's Guide

Cisco
HP-UX IPSec can interoperate with Cisco IOS IPsec implementations.
Version and Functionality
HP-UX IPSec has been successfully tested with the following Cisco product: Model 2821, version
12.4.
The following functionality was tested:
IKEv1 using preshared key authentication for a host-to-gateway tunnel (HP-UX Host1 to
the Cisco router), with end-to-end clear text
Example
In the following topology, the HP-UX system with address 192.0.0.2 creates an IPsec tunnel to
the Cisco router with address 192.0.0.1. The HP-UX system uses the tunnel to communicate with
the host 192.1.1.2.
Figure B-1 End to Gateway Tunnel with Cisco Router
HP-UX IPSec Configuration
The HP-UX IPSec configuration on Host1 is as follows:
# ipsec_config add host hpux-2 -action pass \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -tunnel cisco-tunnel
# ipsec_config add tunnel cisco-tunnel \
    -tsrc 192.0.0.2 -tdst 192.0.0.1 \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -action ESP_AES128_HMAC_SHA1
# ipsec_config add auth cisco -remote 192.0.0.1 \
    -psk myKey
No HP-UX IPSec configuration is needed on Host2.
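The following is an added example, not part of the HP-UX guide or of HP's tooling. It cross-checks the three HP-UX records above against each other and against the router's crypto isakmp key line given under Cisco Configuration, since a tunnel name, peer address or preshared key that differs between records keeps the tunnel from establishing. It assumes plain IPv4 addresses and one value per option, as in the commands on this page; parse_hpux and check are hypothetical helper names.

```python
import re
# Constructed input: the commands and the router key line as shown on this page.
HPUX = r"""
# ipsec_config add host hpux-2 -action pass \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -tunnel cisco-tunnel
# ipsec_config add tunnel cisco-tunnel \
    -tsrc 192.0.0.2 -tdst 192.0.0.1 \
    -src 192.0.0.2 -dst 192.1.1.2 \
    -action ESP_AES128_HMAC_SHA1
# ipsec_config add auth cisco -remote 192.0.0.1 \
    -psk myKey
"""
CISCO_KEY = "crypto isakmp key myKey address 192.0.0.2"

def parse_hpux(text):
    """Return {record_type: {name: {option: value}}} for 'ipsec_config add' lines."""
    records = {}
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():  # fold continuations
        words = line.lstrip("# ").split()            # drop the root prompt
        if words[:2] != ["ipsec_config", "add"] or len(words) < 4:
            continue
        rest = words[4:]                             # each option here takes one value
        records.setdefault(words[2], {})[words[3]] = dict(zip(rest[0::2], rest[1::2]))
    return records

def check(hpux_text, cisco_key_line):
    """Return a list of mismatches; an empty list means the records agree."""
    rec, problems = parse_hpux(hpux_text), []
    m = re.fullmatch(r"crypto isakmp key (\S+) address (\S+)", cisco_key_line.strip())
    key, key_addr = m.groups() if m else (None, None)
    for name, host in rec.get("host", {}).items():
        tun = rec.get("tunnel", {}).get(host.get("-tunnel"))
        if tun is None:
            problems.append(f"host {name}: tunnel {host.get('-tunnel')!r} is not defined")
            continue
        for opt in ("-src", "-dst"):                 # inner selectors must line up
            if host.get(opt) != tun.get(opt):
                problems.append(f"host {name}: {opt} differs from tunnel policy")
        auth = [a for a in rec.get("auth", {}).values() if a.get("-remote") == tun.get("-tdst")]
        if not auth:
            problems.append(f"no auth record for tunnel peer {tun.get('-tdst')}")
        elif auth[0].get("-psk") != key:             # report the mismatch, never the key
            problems.append("preshared key differs between HP-UX and router")
        if key_addr != tun.get("-tsrc"):
            problems.append("router key is not bound to the HP-UX tunnel source")
    return problems

if __name__ == "__main__":
    print(check(HPUX, CISCO_KEY) or "consistent")
```
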
Cisco Configuration
The IOS configuration commands on the Cisco router are as follows.
Configure the IKE preshared key:
Router (config)# crypto isakmp key myKey address 192.0.0.2
Configure the IKE policy:
Router (config)# crypto isakmp policy 40
Router (config-isakmp)# group 2
Router (config-isakmp)# hash md5
Router (config-isakmp)# enc 3des
Router (config-isakmp)# auth pre-share
Router (config-isakmp)# exit
Define the IPsec transform for the tunnel (mode tunnel):