HP-UX IPSec Version A.03.00 Administrator's Guide
Table of Contents
About This Document
Intended Audience
New and Changed Documentation in This Edition
IKE Policy Changes
Support for IKE Version 2
IKEv1 and IKEv2 Policies Replace IKE Policies
default IKEv1 and IKEv2 Policies
The ipsec_config add ike Command Is Deprecated
IKE DES Encryption Is Obsolete
IKEv1 Perfect Forward Secrecy with Keys Only
IKE Support for Multiple Hash, Encryption, and Group Values
IKE Support for Diffie-Hellman Groups 5 and 14
IKE Support for AES128-CBC Encryption
Authentication Record Changes
Authentication Records Are Mandatory
Authentication Records Include a Priority Value
Authentication Records Specify the IKE (Key Management Protocol) Version
Authentication Records Support the AUTOCONF Flag
Authentication Records Support Subtrees and Address Ranges for Remote ID Matching
Hexadecimal Storage for Preshared Key Values Starting with 0x
Host and Tunnel Policy Changes
Nested Transforms and DES Transforms Are Obsolete
Support for Fallback to Clear in Host Policies
Support for Multiple Source and Destination Arguments in Host and Tunnel Policies
Support for IP Address and Port Number Ranges in Host Policies
Support for IP Address Ranges in Tunnel Policies
Port Numbers and Services Are Ignored in Tunnel Policies
Support for ICMPv4 and ICMPv6 Type Codes in Host Policies
Certificate Changes
The ipsec_config add cert Command Is Deprecated
Support for 4096 Bit Key Pairs for Certificates
Support for PKCS#12 Certificates
Certificate Retrieval from LDAP Directories
Support for Multiple Level Public Key Infrastructures
Certificate Revocation List cron File Change
Support for RFC 4301 Security Processing for ICMP Errors
Profile File Changes
Mobile IPv6 Support Is Obsolete
Gateway Policies Are Obsolete
Related Information
Publishing History
What's in This Document
Typographic Conventions
HP Encourages Your Comments
OpenSSL Copyright Notice
1 HP-UX IPSec Overview
Features
IPsec Protocol Suite
Encapsulating Security Payload (ESP)