HP-UX IPSec Version A.03.00 Administrator's Guide
TIP: Most IKEv1 implementations use Main Mode by default. The IKE protocol specification
requires implementations to support Main Mode; support for Aggressive Mode is optional.
-ltype local_id_type and -lid local_id
The local_id_type and local_id are the local ID type and value the local system sends to
the remote system when negotiating an IKE SA. These values must match what is configured
on the remote system.
You do not have to configure local ID type and value if your topology meets the following criteria:
• the local system is not multihomed
• the remote system is an HP-UX system or is a non-HP system configured to accept IPv4 or
IPv6 addresses as the ID type
Valid Values: Table 4-4 lists valid ID types and corresponding ID values.
Table 4-4 Local and Remote ID Types and Values
ID Type   ID Value
IPV4      IPv4 address in dotted-decimal notation.
          If you are using certificate-based authentication, this must match the
          subjectAlternativeName field in the certificate.
          For remote IDs, the value can be a subnet with a prefix or an IP address range.
          See “Subtree and Address Range Remote ID Matching” (page 91).
IPV6      IPv6 address in colon-hexadecimal notation.
          If you are using certificate-based authentication, this must match the
          subjectAlternativeName field in the certificate.
          For remote IDs, the value can be a subnet with a prefix or an IP address range.
          See “Subtree and Address Range Remote ID Matching” (page 91).
FQDN      Fully Qualified Domain Name (FQDN), also known as Domain Name Server or
          DNS name, such as myhost.hp.com.
          If you are using certificate-based authentication, this must match the
          subjectAlternativeName field in the certificate.
KEY-ID    Key identifier; a character string used to identify the preshared key. The maximum
          length is 320 characters.
          This ID type is valid only for IKE authentication using preshared keys.
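A pre-flight check for -ltype and -lid values against the rules in Table 4-4, as an added example that is not part of the HP-UX IPSec product or this guide. The function name, the auth labels "psk" and "cert", the (kind, value) format for subjectAlternativeName entries, the FQDN syntax check and the one-character minimum for KEY-ID are assumptions of the example; remote subnet and address range values are not handled.

```python
import ipaddress
import re

MAX_KEY_ID_LEN = 320  # Table 4-4 limit for KEY-ID values
# Assumption: conservative hostname syntax, at least two letter-digit-hyphen labels.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def check_local_id(id_type, id_value, auth="psk", cert_sans=()):
    """Return a list of problems; an empty list means the pair passes.

    auth is "psk" or "cert" (labels chosen for this example). cert_sans holds
    the certificate's subjectAlternativeName entries as (kind, value) tuples
    with kind "IP" or "DNS"; extracting them is left to the caller.
    """
    problems = []
    id_type = id_type.upper()
    if id_type in ("IPV4", "IPV6"):
        try:
            addr = ipaddress.ip_address(id_value)
        except ValueError:
            return [f"{id_value!r} is not a valid IP address"]
        if addr.version != int(id_type[-1]):
            problems.append(f"{id_value} is not an {id_type} address")
        # Compare parsed addresses so short and long IPv6 spellings match.
        sans = {ipaddress.ip_address(v) for k, v in cert_sans if k == "IP"}
        in_san = addr in sans
    elif id_type == "FQDN":
        if len(id_value) > 253 or not _FQDN_RE.fullmatch(id_value):
            problems.append(f"{id_value!r} is not a well-formed FQDN")
        sans = {v.lower() for k, v in cert_sans if k == "DNS"}
        in_san = id_value.lower() in sans
    elif id_type == "KEY-ID":
        # Assumption: an empty key identifier is treated as an error.
        if not 0 < len(id_value) <= MAX_KEY_ID_LEN:
            problems.append("KEY-ID must be 1 to 320 characters")
        if auth != "psk":
            problems.append("KEY-ID is valid only with preshared keys")
        return problems
    else:
        return [f"unknown ID type {id_type!r}"]
    if auth == "cert" and not in_san:
        problems.append(f"{id_type} {id_value} not in subjectAlternativeName")
    return problems
```

Run the same check on both peers' configurations, since the local ID sent by one system must match the remote ID configured on the other.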
88 Configuring HP-UX IPSec