HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

ESP_AES128_HMAC_SHA2_512...................................................................................145

ESP_AES192_HMAC_MD5..........................................................................................145

ESP_AES192_HMAC_SHA1.........................................................................................145

ESP_AES192_HMAC_SHA2_256..................................................................................145

ESP_AES192_HMAC_SHA2_384..................................................................................145

ESP_AES192_HMAC_SHA2_512...................................................................................145

ESP_AES256_HMAC_MD5..........................................................................................145

ESP_AES256_HMAC_SHA1.........................................................................................145

ESP_AES256_HMAC_SHA2_256..................................................................................145

ESP_AES256_HMAC_SHA2_384.................................................................................145

ESP_AES256_HMAC_SHA2_512..................................................................................146

ESP_3DES_HMAC_SHA2_256.....................................................................................146

ESP_3DES_HMAC_SHA2_384.....................................................................................146

ESP_3DES_HMAC_SHA2_512......................................................................................146

ESP_NULL_HMAC_SHA2_256......................................................................................146

ESP_NULL_HMAC_SHA2_384.....................................................................................146

ESP_NULL_HMAC_SHA2_512......................................................................................146

Transform Lifetimes...........................................................................................................146

HP-UX IPSec Operation..........................................................................................................146

HP-UX IPSec Message Flow for Establishing SAs...................................................................146

IKE Roles....................................................................................................................147

IKEv1 IKE SAs.............................................................................................................147

IKEv1 Main Mode..................................................................................................147

IKEv1 Aggressive Mode..........................................................................................148

IPsec SAs Negotiated Using IKEv1 Quick Mode.........................................................149

IKEv2 IKE and IPsec SA Message Flow...........................................................................149

Components....................................................................................................................151

Outbound Data Processing................................................................................................151

Query the Kernel Policy Engine.....................................................................................151

Query the Policy Manager Daemon for a Host Policy.......................................................152

Inbound Data Processing..................................................................................................152

Processing Inbound Tunnel Packets................................................................................153

Establishing IKE and IPsec SAs...........................................................................................153

Determining the IKE Version..........................................................................................153

IKEv1 Negotiations.....................................................................................................154

IKEv1 Main Mode Negotiations...............................................................................154

IKEv1 Aggressive Mode Negotiations.......................................................................156

IKEv1 Negotiations for IPsec SAs..............................................................................157

IKEv2 Negotiations.....................................................................................................159

Initiator Sends Message 1.......................................................................................159

Responder Receives Message 1................................................................................159

Responder Sends Message 2...................................................................................159

Initiator Receives Message 2....................................................................................159

Initiator Sends Message 3.......................................................................................160

Responder Receives Message 3................................................................................160

Responder Sends Message 4...................................................................................161

Initiator Receives Message 4....................................................................................161

IKE and IPsec SA Proposals...............................................................................................161

IPsec SA Packet Descriptors...............................................................................................161

Host Policies...............................................................................................................161

IKEv1....................................................................................................................162

IKEv2....................................................................................................................162

Tunnel Policies.............................................................................................................162

IKEv1....................................................................................................................162

IKEv2....................................................................................................................162

Contents 11