Manualshelf

HP-UX IPSec Version A.03.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
81828384858687888990
ipsec_config add auth Syntax
You can use the following ipsec_config add auth syntax in most installations:
ipsec_config add auth auth_name -remote ip_addr[/prefix]
[-kmp ike_version]
[-exchange|x AM|MM]
[-ltype local_id_type -lid local_id]
[ -rtype remote_id_type -rid remote_id]
[-local_method method] [-remote_method method]
[-preshared preshared_key] [-priority priority]
HP recommends that you use an ipsec_config batch file to configure HP-UX IPSec. To specify
an add auth operation for an ipsec_config batch file, use the above syntax without the
ipsec_config command name:
add auth auth_name -remote ip_addr[/prefix]
[-kmp ike_version]
[-exchange|x AM|MM]
[-ltype local_id_type -lid local_id]
[-rtype remote_id_type -rid remote_id]
[-local_method method] [-remote_method method]
[-preshared preshared_key] [-priority priority]
The complete ipsec_config add auth syntax specification also allows you to specify the
following arguments:
nocommit (verify the syntax but do not commit the information to the database)
profile (alternate profile file)
Refer to the ipsec_config_add(1M) manpage for complete syntax information.
auth_name
The auth_name user-defined name for the authentication record. This name must be unique
for each record and is case-sensitive.
Valid Values: 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen
(-), or underscore (_).
-remote ip_addr [/prefix ]
The ip_addr and prefix are the IP address and network prefix length that specifies the remote
system or subnet for this record.
Where:
ip_addr
The ip_addr is the remote IP address.
Valid Values: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal
notation. HP-UX IPSec does not support unspecified IPv6 addresses. However, you can use the
double-colon (::) notation within a specified IPv6 address to denote a number of zeros (0) within
an address. The address cannot be a broadcast, subnet broadcast, multicast, or anycast address.
Default: None.
prefix
The prefix is the prefix length, or the number of leading bits that must match when comparing
the remote address with ip_addr.
For IPv4 addresses, a prefix length of 32 bits indicates that all the bits in the addresses must
match.
For IPv6 addresses, a prefix length of 128 bits indicates that all the bits in the addresses must
match.
86 Configuring HP-UX IPSec