HP-UX IPSec Version A.03.00 Administrator's Guide

Valid Values:
PSK (preshared key)
RSASIG (RSA signatures using certificates)
Default: The configured value for -remote_method. If the -remote_method argument is not
specified, and the -preshared argument is present, the default is PSK. If neither the
-remote_method nor the -preshared argument is specified, the default is the value for
the local-method parameter in the AUTHPolicy-Defaults section of the profile file used. The
default local-method parameter value is RSASIG (RSA signatures using certificates) in
/var/adm/ipsec/.ipsec_profile.
-remote_method method
The IKE authentication method the local system uses to authenticate the remote system.
HP-UX IPSec uses the same method type for the remote method and the local method (the method
the local system uses to authenticate itself to the remote system). You can specify the
-local_method or -remote_method argument but not both.
Valid Values:
PSK (preshared key)
RSASIG (RSA signatures using certificates)
Default: The configured value for -local_method. If the -local_method argument is not
specified, and the -preshared argument is present, the default is PSK. If neither the
-local_method nor the -preshared argument is specified, the default is the value for
the remote-method parameter in the AUTHPolicy-Defaults section of the profile file used. The
default remote-method parameter value is RSASIG (RSA signatures using certificates) in
/var/adm/ipsec/.ipsec_profile.
-preshared preshared_key
The preshared_key is the preshared key used for IKE authentication. Omit this argument if
you are using certificate-based authentication.
The preshared key must match the key configured on the remote system.
Valid Values: A text string containing 1 - 128 ASCII characters, or a hexadecimal value prefixed
by 0x. Whitespace is not allowed. You must quote shell special characters if you are using
the command-line interface; do not quote them if you are using a batch file.
Default: None.
-priority priority_number
The priority_number is the priority value HP-UX IPSec uses when selecting an authentication
record (a lower priority value has a higher priority). The priority must be unique for each
authentication record. HP-UX IPSec searches the authentication records in priority order.
When the HP-UX system is the initiator in an IKE negotiation, it selects the first record with a
remote IP address value (-remote argument) that matches the remote system address.
When the local system is the responder in an IKEv1 MM or an IKEv2 negotiation, it selects the
first record with a remote IP address value that matches the IP packet source address.
When the local system is the responder in an IKEv1 AM negotiation, it selects the first record
with a matching remote ID value, and then verifies that the remote address specification matches.
If the address specification does not match, IKE continues to search the authentication records
in priority order.
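
The record search described above, modeled as an added example (not HP-UX IPSec code or part of the original guide). It shows how a broad record with a lower priority number is selected ahead of a more specific one in address-only lookups, and how the IKEv1 AM responder path differs. The AuthRecord class, the record names, the address/prefix form of the remote value, and exact string comparison of the remote ID are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthRecord:            # hypothetical model, not an ipsec_config structure
    name: str
    priority: int            # -priority: lower number is searched first
    remote: str              # -remote: address or address/prefix (assumed form)
    method: str              # PSK or RSASIG
    remote_id: str = ""      # remote ID, consulted only for IKEv1 AM responder lookups

def _net(rec):
    return ipaddress.ip_network(rec.remote, strict=False)

def select_record(records, peer_addr, am_remote_id=None):
    """First match in priority order, or None.
    am_remote_id None: initiator, or responder in IKEv1 MM / IKEv2 (address match only).
    am_remote_id set:  responder in IKEv1 AM (ID must match, then the address)."""
    addr = ipaddress.ip_address(peer_addr)
    for rec in sorted(records, key=lambda r: r.priority):
        if am_remote_id is not None and rec.remote_id != am_remote_id:
            continue                      # ID mismatch (exact compare is an assumption)
        if addr in _net(rec):
            return rec                    # otherwise keep searching in priority order
    return None

def shadowed_records(records):
    """(hidden, hiding) name pairs: the hidden record's remote range lies inside an
    earlier-searched record's range, so an address-only lookup never reaches it."""
    ordered = sorted(records, key=lambda r: r.priority)
    pairs = []
    for i, late in enumerate(ordered):
        for early in ordered[:i]:
            a, b = _net(late), _net(early)
            if a.version == b.version and a.subnet_of(b):
                pairs.append((late.name, early.name))
                break
    return pairs

# Constructed sample records (documentation addresses and made-up names).
RECORDS = [
    AuthRecord("wide_psk", 10, "10.0.0.0/8", "PSK", "branch.example"),
    AuthRecord("host_cert", 20, "10.1.1.5", "RSASIG", "gw.example"),
    AuthRecord("partner", 30, "192.0.2.0/24", "RSASIG", "gw.example"),
]

if __name__ == "__main__":
    print(select_record(RECORDS, "10.1.1.5").name)                  # address-only lookup
    print(select_record(RECORDS, "192.0.2.7", "gw.example").name)   # AM: ID, then address
    print(shadowed_records(RECORDS))
```

Running a check like shadowed_records over a planned configuration before loading it helps confirm that a host-specific RSASIG record is not silently overridden by a broader PSK record.
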
Range: 1 - 2147483647.
Default: If you do not specify a priority, ipsec_config assigns a priority value that is set to
the current highest priority value (lowest priority) for authentication records in the configuration