HP-UX IPSec Version A.03.00 Administrator's Guide
Manual Key Configuration Example
You want to secure rlogin sessions from the system Dog (10.2.2.2) to the system Cat
(10.4.4.4) using manual keys. There is no configuration for rlogin sessions from Cat to Dog;
these sessions will use the default host IPsec policy and pass in clear text.
Dog Configuration
The ipsec_config batch file on Dog contains only one host IPsec policy. The -in substatement
specifies the parameters for the inbound SA: the type of IPsec header (ESP), the Security
Parameters Index, or SPI (2500004), the 128-bit AES key, and the 160-bit SHA-1 key. The -out
substatement specifies the parameters for the outbound SA.
No IKE policy or authentication record is required because you are using manual keys.
add host rlog_dog_to_cat -source 10.2.2.2 \
-destination 10.4.4.4/32/RLOGIN \
-action ESP_AES128_HMAC_SHA1 \
-in ESP/2500004/\
0x0123456789012345678901234567890123456789/\
0x12345678901234567890123456789012 \
-out ESP/2500003/\
0x1234567890123456789012345678901234567890/\
0x12345678901234567890123456789012
Cat Configuration
The ipsec_config batch file on Cat is the mirror image of the batch file on Dog. The
administrator created the batch file by copying the batch file from Dog and swapping the source
and destination option names (-source and -dst), and swapping the inbound and outbound
SA option names (-in and -out).
add host rlog_dog_to_cat -destination 10.2.2.2 \
-source 10.4.4.4/32/RLOGIN \
-action ESP_AES128_HMAC_SHA1 \
-out ESP/2500004/\
0x0123456789012345678901234567890123456789/\
0x12345678901234567890123456789012 \
-in ESP/2500003/\
0x1234567890123456789012345678901234567890/\
0x12345678901234567890123456789012
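The copy-and-swap procedure described above, together with a check that two peers' statements really mirror each other and that each manual key has the expected length, as an added example (not HP's code and not part of the guide). The function names are hypothetical, and the key lengths and key order are assumptions taken from the sample statements on this page.

```python
import re

# Hex digits per key, in the order the keys appear in this page's sample statements.
KEY_HEX_LEN = {"ESP_AES128_HMAC_SHA1": (40, 32)}
SWAP = {"-source": "-destination", "-destination": "-source", "-in": "-out", "-out": "-in"}

def parse_policy(text):
    """Turn one 'add host' statement into {option: value}."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)  # drop backslash line continuations
    tokens = re.sub(r"/\s+", "/", joined).split()  # re-join SA specs split after '/'
    if tokens[:2] != ["add", "host"] or len(tokens) % 2 == 0:
        raise ValueError("expected: add host NAME -option value ...")
    return {"name": tokens[2],
            **{o.lstrip("-"): v for o, v in zip(tokens[3::2], tokens[4::2])}}

def mirror_statement(text):
    """Build the peer's statement by swapping -source/-destination and -in/-out."""
    return re.sub(r"(?<!\S)-(?:source|destination|in|out)(?!\S)",
                  lambda m: SWAP[m.group(0)], text)

def key_problems(policy, side):
    """Check each manual key in -in or -out is 0x plus the expected hex length."""
    want = KEY_HEX_LEN.get(policy.get("action"), ())
    keys = policy.get(side, "").split("/")[2:]
    if len(keys) != len(want) or not want:
        return [f"-{side}: cannot check keys (unknown action or wrong key count)"]
    return [f"-{side} key {i}: expected 0x + {n} hex digits"
            for i, (key, n) in enumerate(zip(keys, want), 1)
            if not re.fullmatch(r"0x[0-9A-Fa-f]{%d}" % n, key)]

def mirror_problems(a_text, b_text):
    """List mismatches between two peers' statements; an empty list means mirrored."""
    a, b = parse_policy(a_text), parse_policy(b_text)
    pairs = [("action", "action"), ("source", "destination"),
             ("destination", "source"), ("in", "out"), ("out", "in")]
    problems = [f"-{x} on first peer does not match -{y} on second peer"
                for x, y in pairs if a.get(x) is None or a.get(x) != b.get(y)]
    return problems + key_problems(a, "in") + key_problems(a, "out")

# Constructed sample, based on the page's Dog statement (placeholder keys, not for real use).
DOG = r"""add host rlog_dog_to_cat -source 10.2.2.2 \
-destination 10.4.4.4/32/RLOGIN -action ESP_AES128_HMAC_SHA1 \
-in ESP/2500004/\
0x0123456789012345678901234567890123456789/0x12345678901234567890123456789012 \
-out ESP/2500003/\
0x1234567890123456789012345678901234567890/0x12345678901234567890123456789012"""

if __name__ == "__main__":
    print(mirror_problems(DOG, mirror_statement(DOG)) or "statements mirror each other")
```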