Manualshelf

HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
201202203204205206207208209210
C Migrating from Previous Versions of HP-UX IPSec
This appendix provides information on migrating to the current version of HP-UX IPSec from
previous versions. This appendix contains the following sections:
“Pre-Installation Migration Instructions” (page 201)
“Post-Installation Migration Instructions” (page 201)
DES Compatibility
HP-UX IPSec version A.03.00 does not support DES encryption. The migration utility replaces
DES encryption in existing IKE, host, and tunnel policies with the default encryption algorithm
for the policy type. If you are using DES encryption, you must modify the configuration on all
peers to use alternate encryption algorithms.
NOTE: RFC 4772 deprecates DES. DES is susceptible to brute-force attacks.
Pre-Installation Migration Instructions
Before installing HP-UX IPSec version A.03.00, verify that your installation meets the following
conditions:
Your current HP-UX IPSec version is A.02.01 or A.02.01.01. If not, you must upgrade to
HP-UX A.02.01 or A.02.01.01 first. Refer to the HP-UX IPSec A.02.01 Administrator's Guide
(J4256-90015) for information on migrating from previous versions to A.02.01 or A.02.01.01.
HP-UX IPSec is not running. Enter the following command to stop HP-UX IPSec:
ipsec_admin -stop
Post-Installation Migration Instructions
The following sections describe migration procedures to perform after you have installed HP-UX
IPSec A.03.00.
Profile File
The default location for the HP-UX IPSec profile file is /var/adm/ipsec/.ipsec_profile.
If this file exists when you install HP-UX IPSec A.03.00, the installation script installs the A.03.00
profile file under the file name /var/adm/ipsec/.ipsec_profile.blank. When you run
the ipsec_migrate utility, ipsec_migrate saves the existing /var/adm/ipsec/
.ipsec_profile file in the /var/adm/ipsec/backup directory before moving the /var/
adm/ipsec/.ipsec_profile.blank file to /var/adm/ipsec/.ipsec_profile.
If you use customized settings in your profile file, edit the /var/adm/ipsec/
.ipsec_profile.blank file with your customized settings before running ipsec_migrate.
Configuration Database
To migrate an HP-UX IPSec A.02.01 policy configuration database, use the following procedure.
DES Compatibility 201