Manualshelf

HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
201202203204205206207208209210
-destination 15.2.2.2/32/TELNET \
-priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA \
-source 15.1.1.1/32/TELNET \
-destination 15.2.2.2 \
-priority 30 -action ESP_AES128_HMAC_SHA1
Authentication Record with Preshared Key
You must configure the preshared key to use when Apple authenticates system Banana’s identity
and to authenticate Apple’s identity to Banana. The ipsec_config batch file entry is listed
below:
add auth banana -remote 15.2.2.2 -preshared apple_banana_key
IKEv1 Policy
You use the default IKEv1 policy without modifications.
Banana Configuration
The configuration on Banana is the mirror-image of the configuration on Apple. The administrator
created the host IPsec policies by copying the host policies from Apple, changing the name and
swapping the -source and -destination option names. The remote address for the IKE
policy and authentication record is 15.1.1.1 (Apple’s IP address) and the preshared key matches
the key configured on Apple for Banana. The ipsec_config batch file is listed below:
# Host Policies
add host telnetAB -destination 15.1.1.1 \
-source 15.2.2.2/32/TELNET \
-priority 20 -action ESP_AES128_HMAC_SHA1
add host telnetBA -destination 15.1.1.1/32/TELNET \
-source 15.2.2.2 \
-priority 30 -action ESP_AES128_HMAC_SHA1
# Auth record with preshared key
add auth apple -remote 15.1.1.1 -preshared apple_banana_key
Host to Host telnet 207