HP-UX IPSec Version A.03.00 Administrator's Guide

group, 249
configuring in IKEv1 policies, 97
configuring in IKEv2 policies, 100
digital signature, 40
using with IPsec, 30
disk requirements, 48
Distinguished Name
specifying in authentication record, 89
specifying in CSR, 118
DMZ
securing with IPsec, 45
E
EEXIST error message, 219
Encapsulating Security Payload (see ESP)
encryption
algorithms, 167
configuring in IKEv1 policies, 98
configuring in IKEv2 policies, 100
definition, 249
keys, 169
generating, 216
error messages
can't find matching selector, 157
connection timed out, 153
EEXIST, 219
Internal Database error, 160
Invalid SADB_ADD, 219
no proposal chosen, 156, 158
no suitable policy found, 158
phase 1 negotiation failed, 155
retransmission count exceeded, 156
ts unacceptable, 157
unable to connect, 153
ESP (Encapsulating Security Payload), 29
algorithms, 167
configuring in host IPsec policies, 76
configuring in tunnel IPsec policies, 83
definition, 250
negotiation, 169
processing, 175
RFC, 165
tunnel mode, 35
exchange mode
configuring, 85
F
filter
definition, 250
Fully Qualified Domain Name
specifying in authentication record, 88
specifying in CSR, 119
H
hash algorithm
configuring in IKE policies, 97
configuring in IKEv2 policies, 100
host IPsec policies
configuring, 72
default, 72
examples, 78
host-to-gateway topology
configuration example, 210
I
ICMP messages
common messages used, 185
discarding with IPv4, 185
ICMPv6 messages, 185
ID types
not supported, 166
supported, 88
IKE
version
configuring, 85
IKE (Internet Key Exchange), 29
defined, 32
description, 38
ID types
not supported, 166
supported, 88
limitations, 166
policies
examples, 98
policy selection, 95
protocol, 250
RFC, 165
SA, 169
definition, 70
establishing, 181
negotiation failure, 155, 157
reporting, 145
SA definition, 250
version
configuring, 87
selection by IKE daemon, 176
version compatibility, 38
installing
loading software, 50
prerequisites, 49
verifying, 60, 107
Internal Database error message, 160
Internet Control Message Protocol messages (see ICMP messages)
Internet Key Exchange (see IKE)
Invalid SADB_ADD error message, 219
IP address
configuring in host IPsec policies, 73
configuring in IKEv1 policies, 96
configuring in IKEv2 policies, 99
IPsec
daemons, 145
operation, 169
overview, 29, 32
RFCs, 165
SA, 169, 250
Security Association (see IPsec SA)
services, 29