HP-UX IPSec Version A.03.00 Administrator's Guide
add ikev1 apple -remote 10.1.1.1 -encryption 3DES
add ikev1 all_others -remote 10.0.0.0/8 -encryption AES128-CBC
ipsec_config add ikev2 Syntax
You can use the following ipsec_config add ikev2 syntax in most installations:
ipsec_config add ikev2 ikev2_policy_name
-remote ip_addr[/prefix]
[-group group_number]
[-hash hash_algorithm]
[-encryption encryption_algorithm]
[-prf pseudo-random_function]
[-life lifetime_seconds]
[-pfs ON|OFF]
[-priority priority_number]
HP recommends that you use an ipsec_config batch file to configure HP-UX IPSec. To specify
an add ikev2 operation for an ipsec_config batch file, use the above syntax without the
ipsec_config command name:
add ikev2 default ikev2_policy_name
-remote ip_addr[/prefix]
[-group group_number]
[-hash hash_algorithm]
[-encryption encryption_algorithm]
[-prf pseudo-random_function]
[-life lifetime_seconds]
[-pfs ON|OFF]
[-priority priority_number]
The complete ipsec_config add ikev2 syntax specification also allows you to specify the
following arguments:
• nocommit (verify the syntax but do not commit the information to the database)
• profile (alternate profile file)
Refer to the ipsec_config_add(1M) manpage for complete syntax information.
ikev2_policy_name
The ikev2_policy_name is the user-defined name for the IKEv2 policy. This name must be
unique for each IKEv2 policy and is case-sensitive.
Valid Values: 1 - 63 characters. Each character must be an ASCII alphanumeric character, hyphen
(-), or underscore (_).
The name default is reserved. See “default IKE Policies” (page 95) for more information.
-remote ip_addr[/prefix]
The ip_addr and prefix are the IP address and network prefix length that specify the remote
system or subnet for this policy.
NOTE: This argument is not valid for the default IKEv2 policy. The default IKEv2 policy matches
all remote addresses.
Where:
ip_addr
The ip_addr is the remote IP address.
Valid Values: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal
notation. The IP address type (IPv4 or IPv6) must be the same for the source and destination
address. HP-UX IPSec does not support unspecified IPv6 addresses. However, you can use the
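The policy-name and -remote rules above can be checked before a batch file is loaded. This Python linter is an added example, not part of the HP guide or of HP-UX IPSec. It assumes each add ikev2 entry sits on one line, and the names check_remote and check_ikev2_entry are hypothetical.

```python
import ipaddress
import re
import shlex

# Name rule from the guide: 1-63 ASCII alphanumerics, hyphen or underscore.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")

def check_remote(value):
    """Validate an ip_addr[/prefix] value; return a list of problems."""
    addr, slash, prefix = value.partition("/")
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return [f"-remote {value!r}: not a valid IPv4 or IPv6 address"]
    problems = []
    # The guide's sentence on what is allowed instead is cut off on this
    # page, so no exception to this rule is modelled here.
    if ip.version == 6 and ip.is_unspecified:
        problems.append("-remote: unspecified IPv6 address is not supported")
    # General fact, not from the guide: a prefix length is a decimal
    # integer no larger than the address width (32 or 128 bits).
    if slash and not (prefix.isascii() and prefix.isdigit()
                      and int(prefix) <= ip.max_prefixlen):
        problems.append(f"-remote {value!r}: bad prefix length")
    return problems

def check_ikev2_entry(line):
    """Lint one single-line 'add ikev2' entry; return a list of problems."""
    tokens = shlex.split(line)
    if tokens[:1] == ["ipsec_config"]:   # command-line form of the same entry
        tokens = tokens[1:]
    if tokens[:2] != ["add", "ikev2"] or len(tokens) < 3:
        return ["not an 'add ikev2 <policy_name>' entry"]
    name, args = tokens[2], tokens[3:]
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"name {name!r}: need 1-63 chars from A-Z a-z 0-9 - _")
    remote = args[args.index("-remote") + 1] if "-remote" in args[:-1] else None
    if name == "default":                # reserved name, matches all remotes
        if "-remote" in args:
            problems.append("-remote is not valid for the default IKEv2 policy")
    elif remote is None:
        problems.append("-remote ip_addr[/prefix] is missing")
    else:
        problems += check_remote(remote)
    return problems

if __name__ == "__main__":               # constructed sample entries
    for entry in ("add ikev2 branch_1 -remote 10.0.0.0/8 -encryption AES128-CBC",
                  "add ikev2 default -remote 10.1.1.1", "add ikev2 v6peer -remote ::"):
        print(entry, "->", check_ikev2_entry(entry) or "ok")
```

Option values such as -group, -hash and -encryption are not checked; ipsec_config with the nocommit argument remains the authoritative syntax check.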