HP-UX IPSec Version A.03.00 Administrator's Guide

ip_addr
prefix
-group group_number
-hash hash_algorithm
-encryption encryption_algorithm
-life lifetime_seconds
-pfs ON|OFF
-priority priority_number
ipsec_config add ikev1 Command Examples
ipsec_config add ikev2 Syntax
ikev2_policy_name
-remote ip_addr [/prefix]
ip_addr
prefix
-group group_number
-hash hash_algorithm
-encryption encryption_algorithm
-prf pseudo-random_function
-life lifetime_seconds
-pfs ON|OFF
-priority priority_number
ipsec_config add ikev2 Command Example
Step 5: Configuring Certificates
Step 6: Configuring the Bypass List (Local IP Addresses)
Logical Interfaces
Example
Maximizing Security
ipsec_config add bypass Syntax
ip_address
Bypass Configuration Example
Step 7: Verifying the Batch File Syntax
Step 8: Committing the Batch File Configuration and Verifying Operation
Step 9: Configuring HP-UX IPSec to Start Automatically
ipsec_config add startup Syntax
Step 10: Creating Backup Copies of the Configuration Files
Certificate Storage Directory
5 Using Certificates with HP-UX IPSec
Overview
Security Certificates and Public Key Cryptography
Public Key Distribution
Security Certificates
Digital Signatures
IKE Authentication with RSA Signatures
PKI Requirements
Multiple Level CA Requirements
LDAP Requirements
Configuring Certificates
Step 1: (Optional) Getting a Certificate for the Local System
Using the ipsec_config add csr Command
ipsec_config add csr Syntax
-subject subject_name
-alt-ipv4 ipv4_addr
-alt-ipv6 ipv6_addr