HP-UX IPSec Version A.03.00 Administrator's Guide
######################################################################
# /var/adm/ipsec/templates/host-to-host
#
# Sample ipsec_config batch file for securing host-to-host IP packets
# using preshared keys.
#
# Copyright 2009, Hewlett-Packard Development Company L.P.
#
######################################################################
#
# To use this file:
#   1. Uncomment the appropriate configuration statements.
#      For host-to-host IPsec, you must:
#        a. Configure at least one host IPsec policy. See SECTION 1 below.
#        b. Configure an authentication record with the preshared key.
#           See SECTION 2 below.
#        c. Change the IKEv1 or IKEv2 default policy if needed.
#           See SECTION 3 below.
#      Replace the parameters in angle brackets (<>) with the appropriate
#      values for your configuration.
#   2. Save your copy of the modified contents in another file, such as
#      my_batch_file.
#   3. Use your batch file as input to the ipsec_config command:
#        ipsec_config batch <my_batch_file>
#
# Refer to the ipsec_config manpage and the HP-UX IPSec Administrator's
# Guide for more information.
#
############################################################################
#
# SECTION 1: Host IPsec Policies
#
############################################################################
#
# This section contains host IPsec policies for different topologies.
# Select the topology that most closely matches what you want to implement
# and uncomment and modify the appropriate host IPsec policies.
#
# Transform
# ---------
# This configuration uses ESP in tunnel mode with AES128 encryption and SHA1
# authentication for the IPSec SAs. AES128 provides strong encryption
# with the best performance.
#
# Search Priority
# ---------------
# Enter the most specific policies first.
# ipsec_config will assign priority numbers in ascending order and
# HP-UX IPSec searches policies starting with the lowest priority number,
# so it will search the policies in the order you configure them.
# Alternatively, you can explicitly assign a priority number using the
#     -priority <priority_number>
# argument. A lower priority_number has a higher priority. For example,
# a policy with priority number 1 has a higher priority than a policy
# with priority number 100.
#
# Subnet and IPv6 Addresses
# -------------------------
# In the address specifications, the address prefix length (32) follows the
# IP address.
# To use the host policies for subnet topologies, change
# the address prefix length to the appropriate length.
# To use the host policies for IPv6 host-to-host topologies, change
# the address prefix length from 32 to 128.
#
############################################################################
# Case 1 - Host policy to secure outbound telnet
# Refer to the ipsec_config_add manpage for other valid service names.
############################################################################
#
#add host <outbound_telnet_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32/TELNET \