HP-UX IPSec Version A.03.00 Administrator's Guide
Step 2: Configuring Tunnel IPsec Policies
ipsec_config add tunnel Syntax
tunnel_policy_name
-tsource and -tdestination tunnel_address
-source and -destination ip_addr[/prefix]
ip_addr
prefix
-protocol protocol_id
ICMPv4 Messages
ICMPv6 Messages
-action transform_list
lifetime_seconds
lifetime_kbytes
Tunnel IPsec Policy Configuration Example
Step 3: Configuring Authentication Records and Preshared Keys
Remote Multihomed Systems
Authentication Record Order and Selection
Automatic Priority Increment
ipsec_config add auth Syntax
auth_name
-remote ip_addr[/prefix]
ip_addr
prefix
-kmp ike_version
-exchange AM|MM
-ltype local_id_type and -lid local_id
-rtype remote_id_type and -rid remote_id
-local_method method
-remote_method method
-preshared preshared_key
-priority priority_number
-flags flags
Subtree and Address Range Remote ID Matching
Subtree Remote ID Matching
FQDN
User FQDN
X.500 DN
Address Range Remote ID matching
Authentication Record Examples with Preshared Keys
IKEv1
IKEv2
Multihomed Example
Authentication Record Examples with RSA Signatures
IKEv1 Example
Distinguished Name Example
Multihomed Example
Step 4: Configuring IKEv1 and IKEv2 Policies
default IKE Policies
IKE Policy Order and Selection
Automatic Priority Increment
Syntax
ipsec_config add ikev1 Syntax
ikev1_policy_name
-remote ip_addr[/prefix]