HP-UX IPSec Version A.03.00 Administrator's Guide

Shared Key Encryption ... 32
Shared Key Hash Functions ... 33
ESP Processing ... 33
Transport and Tunnel Modes ... 34
Transport Mode ... 34
Tunnel Mode ... 35
IPv6 ESP Transport Mode ... 35
IPv6 ESP Tunnel Mode ... 35
ESP Encryption and Authentication Algorithms ... 36
Non-Authenticated ESP ... 36
Authentication Header (AH) ... 36
Transport and Tunnel Modes ... 36
Transport Mode ... 36
Tunnel Mode ... 37
IPv6 AH Transport Mode ... 37
IPv6 AH Tunnel Mode ... 37
Internet Key Exchange (IKE) ... 38
Security Associations ... 38
IKEv1 Phases and Exchange Modes ... 38
Generating Shared Keys: Diffie-Hellman ... 39
IKE Primary Authentication ... 40
IKE Preshared Key Authentication ... 40
IKE Digital Signature Authentication ... 40
Perfect Forward Secrecy ... 41
IPsec Re-keying ... 41
Manual Keys ... 41
Summary ... 41
HP-UX IPSec Topologies ... 43
Host-to-Host Security Within an Internal Network ... 43
Host-to-Host VPN Across the Internet ... 43
Host-to-Gateway VPN Across the Internet ... 44
Application Server in DMZ with Back-End Server ... 44
Securing Access between the Client and DMZ Server ... 45
2 Installing HP-UX IPSec ... 47
HP-UX IPSec Product Requirements ... 48
Software Requirements ... 48
Disk Requirements ... 48
Step 1: Verifying HP-UX IPSec Installation and Configuration Prerequisites ... 49
Step 2: Loading the HP-UX IPSec Software ... 50
Step 3: Establishing the HP-UX IPSec Password ... 51
Step 4: Completing Post-Installation Migration Requirements ... 52
Removing HP-UX IPSec ... 52
3 Quick Configuration Procedure and Tips ... 53
Overview ... 53
Step 1: Establishing the HP-UX IPSec Password ... 54
Step 2: Modifying the Configuration Batch File Template ... 55
Policy Priority Order and Selection ... 55
Automatic Priority Assignment ... 55
host-to-host Template File ... 55
Example ... 58
Red Configuration ... 58