HP-UX IPSec Version A.03.00 Administrator's Guide
# -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 2 - Host policy to secure inbound telnet
############################################################################
#
#add host <inbound_telnet_policy_name> \
# -source <local_ip_address>/32/TELNET -destination <peer_ip_address>/32 \
# -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 3 - Host policy to secure all UDP packets between two hosts
############################################################################
#
#add host <udp_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol UDP -action ESP_AES128_HMAC_SHA1
#
############################################################################
# Case 4 - Host policy to secure all packets between two hosts
#
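# NOTE: If you use this policy to secure all packets in an IPv4
# subnet, you may need to insert a policy to allow ICMP packets
# to and from routers to pass in cleartext. Packets that match a
# PASS policy are neither encrypted nor authenticated, so restrict
# the policy to the specific router addresses that require it.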
# For example:
# add host icmp_clear -destination <router_ip_address> \
# -protocol ICMP -action PASS
#
############################################################################
#
#add host <all_protocols_policy_name> \
# -source <local_ip_address>/32 -destination <peer_ip_address>/32 \
# -protocol ALL -action ESP_AES128_HMAC_SHA1
#
############################################################################
#
# SECTION 2: Authentication Record with Preshared Key
#
############################################################################
#
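# Uncomment and modify the following authentication record.
# The preshared key is used for IKE authentication.
# You must configure one authentication record for each peer system.
# Use a different, long, randomly generated key for each peer, and
# configure the same key on the peer system.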
#
# This configuration uses the local IP address and <peer_ip_address>
# as the authentication IDs.
#
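# Preshared keys starting with 0x are stored as hex values.
#
# NOTE: After you replace <my_preshared_key>, this file contains the
# key in cleartext. Restrict read access to the file to the
# administrator who loads it.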
#
# Copy and uncomment the following entry if you are using IKEv1 as the key
# exchange protocol:
#
#add auth <auth_policy_name> -remote <peer_ip_address> \
# -kmp ikev1 -rtype <ipv4|ipv6> -rid <peer_ip_address> \
# -local_method psk -psk <my_preshared_key>
#
# Copy and uncomment the following entry if you are using IKEv2 as the key
# exchange protocol:
#
#add auth <auth_policy_name> -remote <peer_ip_address> \
# -kmp ikev2 -rtype <ipv4|ipv6> -rid <peer_ip_address> \
# -local_method psk -psk <my_preshared_key>
#
############################################################################
#
# SECTION 3: IKEv1 Policy or IKEv2 Policy
#
############################################################################
#
# IKEv1 :
# The pre-loaded default IKEv1 policy has the following parameters:
# -Diffie-Hellman Group: 2 (1024-bit MODP; confirm it meets your policy)